-
Notifications
You must be signed in to change notification settings - Fork 69
/
Copy pathserialkiller.conf
103 lines (103 loc) · 6.28 KB
/
serialkiller.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
<?xml version="1.0" encoding="UTF-8"?>
<!-- serialkiller.conf -->
<config>
<refresh>6000</refresh>
<mode>
<!-- set to 'false' for blocking mode -->
<profiling>false</profiling>
</mode>
<blacklist>
<regexps>
<!-- ysoserial's BeanShell1 payload -->
<regexp>bsh\.XThis$</regexp>
<regexp>bsh\.Interpreter$</regexp>
<!-- ysoserial's C3P0 payload -->
<regexp>com\.mchange\.v2\.c3p0\.impl\.PoolBackedDataSourceBase$</regexp>
<!-- ysoserial's CommonsBeanutils1 payload -->
<regexp>org\.apache\.commons\.beanutils\.BeanComparator$</regexp>
<!-- ysoserial's CommonsCollections1,3,5,6 payload -->
<regexp>org\.apache\.commons\.collections\.Transformer$</regexp>
<regexp>org\.apache\.commons\.collections\.functors\.InvokerTransformer$</regexp>
<regexp>org\.apache\.commons\.collections\.functors\.ChainedTransformer$</regexp>
<regexp>org\.apache\.commons\.collections\.functors\.ConstantTransformer$</regexp>
<regexp>org\.apache\.commons\.collections\.functors\.InstantiateTransformer$</regexp>
<!-- ysoserial's CommonsCollections2,4 payload -->
<regexp>org\.apache\.commons\.collections4\.functors\.InvokerTransformer$</regexp>
<regexp>org\.apache\.commons\.collections4\.functors\.ChainedTransformer$</regexp>
<regexp>org\.apache\.commons\.collections4\.functors\.ConstantTransformer$</regexp>
<regexp>org\.apache\.commons\.collections4\.functors\.InstantiateTransformer$</regexp>
<regexp>org\.apache\.commons\.collections4\.comparators\.TransformingComparator$</regexp>
<!-- ysoserial's FileUpload1,Wicket1 payload -->
<regexp>org\.apache\.commons\.fileupload\.disk\.DiskFileItem$</regexp>
<regexp>org\.apache\.wicket\.util\.upload\.DiskFileItem$</regexp>
<!-- ysoserial's Groovy payload -->
<regexp>org\.codehaus\.groovy\.runtime\.ConvertedClosure$</regexp>
<regexp>org\.codehaus\.groovy\.runtime\.MethodClosure$</regexp>
<!-- ysoserial's Hibernate1,2 payload -->
<regexp>org\.hibernate\.engine\.spi\.TypedValue$</regexp>
<regexp>org\.hibernate\.tuple\.component\.AbstractComponentTuplizer$</regexp>
<regexp>org\.hibernate\.tuple\.component\.PojoComponentTuplizer$</regexp>
<regexp>org\.hibernate\.type\.AbstractType$</regexp>
<regexp>org\.hibernate\.type\.ComponentType$</regexp>
<regexp>org\.hibernate\.type\.Type$</regexp>
<regexp>com\.sun\.rowset\.JdbcRowSetImpl$</regexp>
<!-- ysoserial's JBossInterceptors1, JavassistWeld1 payload -->
<regexp>org\.jboss\.(weld\.)?interceptor\.builder\.InterceptionModelBuilder$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.builder\.MethodReference$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.proxy\.DefaultInvocationContextFactory$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.proxy\.InterceptorMethodHandler$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.reader\.ClassMetadataInterceptorReference$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.reader\.DefaultMethodMetadata$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.reader\.ReflectiveClassMetadata$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.reader\.SimpleInterceptorMetadata$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.spi\.instance\.InterceptorInstantiator$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.spi\.metadata\.InterceptorReference$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.spi\.metadata\.MethodMetadata$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.spi\.model\.InterceptionModel$</regexp>
<regexp>org\.jboss\.(weld\.)?interceptor\.spi\.model\.InterceptionType$</regexp>
<!-- ysoserial's JRMPClient payload -->
<regexp>java\.rmi\.registry\.Registry$</regexp>
<regexp>java\.rmi\.server\.ObjID$</regexp>
<regexp>java\.rmi\.server\.RemoteObjectInvocationHandler$</regexp>
<!-- ysoserial's JSON1 payload -->
<regexp>net\.sf\.json\.JSONObject$</regexp>
<!-- ysoserial's Jdk7u21 payload -->
<regexp>javax\.xml\.transform\.Templates$</regexp>
<!-- ysoserial's Jython1 payload -->
<regexp>org\.python\.core\.PyObject$</regexp>
<regexp>org\.python\.core\.PyBytecode$</regexp>
<regexp>org\.python\.core\.PyFunction$</regexp>
<!-- ysoserial's MozillaRhino1 payload -->
<regexp>org\.mozilla\.javascript\..*$</regexp>
<!-- ysoserial's Myfaces1,2 payload -->
<regexp>org\.apache\.myfaces\.context\.servlet\.FacesContextImpl$</regexp>
<regexp>org\.apache\.myfaces\.context\.servlet\.FacesContextImplBase$</regexp>
<regexp>org\.apache\.myfaces\.el\.CompositeELResolver$</regexp>
<regexp>org\.apache\.myfaces\.el\.unified\.FacesELContext$</regexp>
<regexp>org\.apache\.myfaces\.view\.facelets\.el\.ValueExpressionMethodExpression$</regexp>
<!-- ysoserial's ROME payload -->
<regexp>com\.sun\.syndication\.feed\.impl\.ObjectBean$</regexp>
<!-- ysoserial's Spring1,2 payload -->
<regexp>org\.springframework\.beans\.factory\.ObjectFactory$</regexp>
<regexp>org\.springframework\.core\.SerializableTypeWrapper\$MethodInvokeTypeProvider$</regexp>
<regexp>org\.springframework\.aop\.framework\.AdvisedSupport$</regexp>
<regexp>org\.springframework\.aop\.target\.SingletonTargetSource$</regexp>
<regexp>org\.springframework\.aop\.framework\.JdkDynamicAopProxy$</regexp>
<regexp>org\.springframework\.core\.SerializableTypeWrapper\$TypeProvider$</regexp>
<!-- other trigger gadgets or payloads -->
<regexp>java\.util\.PriorityQueue$</regexp>
<regexp>java\.lang\.reflect\.Proxy$</regexp>
<regexp>javax\.management\.MBeanServerInvocationHandler$</regexp>
<regexp>javax\.management\.openmbean\.CompositeDataInvocationHandler$</regexp>
<regexp>org\.springframework\.aop\.framework\.JdkDynamicAopProxy$</regexp>
<regexp>java\.beans\.EventHandler$</regexp>
<regexp>java\.util\.Comparator$</regexp>
<regexp>org\.reflections\.Reflections$</regexp>
</regexps>
</blacklist>
<whitelist>
<regexps>
<regexp>.*</regexp>
</regexps>
</whitelist>
</config>