├── .gitignore ├── .idea ├── compiler.xml ├── dictionaries │ └── tdy218.xml ├── misc.xml ├── vcs.xml └── workspace.xml ├── README.md ├── pom.xml ├── src └── main │ └── java │ ├── weblogic │ └── jms │ │ └── common │ │ └── StreamMessageImpl.java │ └── ysoserial │ ├── Deserializer.java │ ├── GeneratePayload.java │ ├── Serializer.java │ ├── Strings.java │ ├── exploit │ ├── JRMPClassLoadingListener.java │ ├── JRMPClient.java │ ├── JRMPListener.java │ └── RMIRegistryExploit.java │ ├── payloads │ ├── JRMPClient.java │ ├── JRMPClient2.java │ ├── JRMPClient3.java │ ├── Jdk7u21.java │ ├── ObjectPayload.java │ ├── ReleaseableObjectPayload.java │ ├── annotation │ │ ├── Authors.java │ │ └── Dependencies.java │ └── util │ │ ├── ClassFiles.java │ │ ├── Gadgets.java │ │ ├── JavaVersion.java │ │ ├── PayloadRunner.java │ │ └── Reflections.java │ └── secmgr │ ├── DelegateSecurityManager.java │ └── ExecCheckingSecurityManager.java ├── wls-cve-2018-2628-poc.py └── ysoserial-cve-2018-2628.iml /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/.gitignore -------------------------------------------------------------------------------- /.idea/compiler.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/.idea/compiler.xml -------------------------------------------------------------------------------- /.idea/dictionaries/tdy218.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/.idea/dictionaries/tdy218.xml -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/.idea/misc.xml -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/.idea/vcs.xml -------------------------------------------------------------------------------- /.idea/workspace.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/.idea/workspace.xml -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/README.md -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/pom.xml -------------------------------------------------------------------------------- /src/main/java/weblogic/jms/common/StreamMessageImpl.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/weblogic/jms/common/StreamMessageImpl.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/Deserializer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/Deserializer.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/GeneratePayload.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/GeneratePayload.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/Serializer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/Serializer.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/Strings.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/Strings.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/exploit/JRMPClassLoadingListener.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/exploit/JRMPClassLoadingListener.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/exploit/JRMPClient.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/exploit/JRMPClient.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/exploit/JRMPListener.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/exploit/JRMPListener.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/exploit/RMIRegistryExploit.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/exploit/RMIRegistryExploit.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/JRMPClient.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/JRMPClient.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/JRMPClient2.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/JRMPClient2.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/JRMPClient3.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/JRMPClient3.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/Jdk7u21.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/Jdk7u21.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/ObjectPayload.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/ObjectPayload.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/ReleaseableObjectPayload.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/ReleaseableObjectPayload.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/annotation/Authors.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/annotation/Authors.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/annotation/Dependencies.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/annotation/Dependencies.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/util/ClassFiles.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/util/ClassFiles.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/util/Gadgets.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/util/Gadgets.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/util/JavaVersion.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/util/JavaVersion.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/util/PayloadRunner.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/util/PayloadRunner.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/payloads/util/Reflections.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/payloads/util/Reflections.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/secmgr/DelegateSecurityManager.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/secmgr/DelegateSecurityManager.java -------------------------------------------------------------------------------- /src/main/java/ysoserial/secmgr/ExecCheckingSecurityManager.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/src/main/java/ysoserial/secmgr/ExecCheckingSecurityManager.java -------------------------------------------------------------------------------- /wls-cve-2018-2628-poc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/wls-cve-2018-2628-poc.py -------------------------------------------------------------------------------- /ysoserial-cve-2018-2628.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tdy218/ysoserial-cve-2018-2628/HEAD/ysoserial-cve-2018-2628.iml --------------------------------------------------------------------------------