Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.
PoC: Awesome_shiro
CVE-2016-4437-Shiro反序列化爆破模块和key,命令执行,反弹shell的脚本
PoC: shisoserial
一个针对shiro反序列化漏洞(CVE-2016-4437)的快速利用工具/A simple tool targeted at shiro framework attacks with ysoserial.
PoC: cve-2016-4437
这是基于cve-2016-4437简单的漏洞复现代码
PoC: CVE-2016-4437
1.验证CVE-2016-4437、2.解析rememberMe的文件和CBC加密的IV偏移
PoC: CVE-2016-4437
Python POC to Exploit CVE-2016-4437 Apache Shiro Deserialization Vulnerability Due to Hardcode Encryption Key
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free