Search
Collection
Category
Tag
Blog
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

AISecKit

Curated AI security tools & LLM safety resources for cybersecurity professionals

Product

Search
Collection
Category
Tag

Resources

Blog
Pricing
Submit

Tools

🔥Marathons Tools

Company

About Us
Privacy Policy
Terms of Service
Sitemap

Copyright © 2025 All Rights Reserved.

Home
Category
Kingdee-erp-Unserialize-RCE

Kingdee-erp-Unserialize-RCE

A proof of concept for exploiting a remote code execution vulnerability in Kingdee ERP systems.

Introduction

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/28

Categories

Penetration Testing
Vulnerability Scanners
Exploitation Frameworks

Tags

Application Security
Exploit Development
Security Auditing

More Products

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1

Cybersecurity AI

Cybersecurity AI (CAI) is an open Bug Bounty-ready Artificial Intelligence framework for enhancing security operations.

Open Source Bug Bounty

Kingdee-erp-Unserialize-RCE

Overview:
This repository provides proof of concept (POC) and exploit (EXP) for a remote code execution (RCE) vulnerability found in Kingdee ERP's unserialize function.

Key Features:

Exploits the lack of signature or verification during serialization/deserialization.
Targets specific vulnerable versions of Kingdee ERP (versions 6.x, 7.x, and 8.x).

Benefits:

Assists security professionals in identifying and verifying vulnerabilities in Kingdee ERP systems.
Enhances awareness of potential security issues and the need for proper validation in serialization processes.

Usage:
Includes command examples for checking vulnerabilities and executing commands remotely through the exploit.