Skip to content

CommonsCollections8 payload#116

Merged
frohoff merged 2 commits into
frohoff:newgadgetsfrom
navalorenzo:master
Apr 27, 2022
Merged

CommonsCollections8 payload#116
frohoff merged 2 commits into
frohoff:newgadgetsfrom
navalorenzo:master

Conversation

@navalorenzo

Copy link
Copy Markdown

Hello, this is a new payload for CommonsCollections 4.0.
I think this could be interesting because, unlike the other payloads, the entry point is a CommonsCollections class and not a Java standard library class.

I am sorry for the double request, I wanted to clean up some mistakes.

Thank you.
Best regards.

@navalorenzo

Copy link
Copy Markdown
Author

Hello @frohoff,
did you have the chance to look into the chain? Is there any issue with this contribution?
Thank you.
Best regards.

@navalorenzo

Copy link
Copy Markdown
Author

Hello @frohoff,
is there any update?
Thank you.
Best regards.

@EdoardoVignati

Copy link
Copy Markdown

Hi @navalorenzo I checked this payload and it's working.
I think @frohoff this can be merged

@frohoff frohoff changed the base branch from master to newgadgets April 27, 2022 05:03
@frohoff frohoff merged commit 9c448b5 into frohoff:newgadgets Apr 27, 2022
frohoff added a commit that referenced this pull request Apr 27, 2022
* CommonsCollections8 payload (#116)

* New gadgets (Struts2JasperReports - Atomikos - SpringJta) (#123)

* added Atomikos gadget payload

* added Atomikos gadget payload

* naming

* added spring-jta gadget

* added strutsJasperReports gadget + tests

* updated deps list on springJta

* fixed authors

* renaming

* Add new payload in Commons Collections 3.2.1 (#125)

* Add Jython2 gadget (#135)

This version of Jython2 executes a command through os.system(). Based on Jython1 from @pwntester & @cschneider4711

Co-authored-by: Chris Frohoff <chris@frohoff.org>

* Add scala and clojure payloads from a couple of years ago (#137)

* Add some payloads for Scala

* Add new clojure payload effecting versions since 1.8.0

* Fix infinite loop behavior of clojure2 payload.

* add CommonsBeanutils2 (#163)

* ceylon gadget (#173)

Co-authored-by: navalorenzo <34750199+navalorenzo@users.noreply.github.com>
Co-authored-by: Stefano Ciccone <sciccone@gdssecurity.com>
Co-authored-by: 梅子酒 <960596293@qq.com>
Co-authored-by: Yorick Koster <ykoster@users.noreply.github.com>
Co-authored-by: Ian Haken <ihaken@netflix.com>
Co-authored-by: k4n5ha0 <9199771@qq.com>
Co-authored-by: supersache <42678777+supersache@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants