java-gadget-chain. This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.

github.com/dub-flow/java-gadget-chain

Problem

Audience

Updates

No founder updates yet. Check back soon.