├── README.md ├── auto └── codeql.md ├── base ├── annotation.md ├── debug.md ├── jndi.md ├── ldap.md ├── proxy.md ├── reflect.md └── rmi.md ├── poc ├── CNVD-2016-04742.md ├── CVE-2015-4852.md ├── CVE-2015-4852 │ ├── .gitignore │ ├── .idea │ │ ├── .gitignore │ │ ├── jpa-buddy.xml │ │ ├── libraries │ │ │ └── commons_collections_3_1.xml │ │ ├── misc.xml │ │ └── modules.xml │ ├── CVE-2015-4852.iml │ ├── lib │ │ └── commons-collections-3.1.jar │ └── src │ │ └── PoC.java ├── CVE-2016-4437.md ├── CVE-2017-18349.md ├── CVE-2017-18349 │ ├── .gitignore │ ├── .idea │ │ ├── .gitignore │ │ ├── jpa-buddy.xml │ │ ├── libraries │ │ │ └── fastjson_1_2_24.xml │ │ ├── misc.xml │ │ └── modules.xml │ ├── CVE-2017-18349.iml │ ├── lib │ │ └── fastjson-1.2.24.jar │ └── src │ │ ├── ExecPoC.java │ │ └── PoC.java ├── CVE-2021-45105.md ├── CVE-2021-45105 │ ├── .gitignore │ ├── .idea │ │ ├── .gitignore │ │ ├── encodings.xml │ │ ├── jpa-buddy.xml │ │ └── misc.xml │ ├── pom.xml │ └── src │ │ └── main │ │ └── java │ │ └── org │ │ └── example │ │ └── PoC.java ├── CVE-2022-22963.md └── CVE-2022-22965.md └── vul ├── deserialization.md ├── el.md ├── fileoperate.md ├── inconsistency-url.md ├── ognl.md ├── rce.md ├── spel.md ├── sql.md ├── ssti.md ├── upload.md └── xxe.md /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/README.md -------------------------------------------------------------------------------- /auto/codeql.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/auto/codeql.md -------------------------------------------------------------------------------- /base/annotation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/base/annotation.md -------------------------------------------------------------------------------- /base/debug.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/base/debug.md -------------------------------------------------------------------------------- /base/jndi.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/base/jndi.md -------------------------------------------------------------------------------- /base/ldap.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/base/ldap.md -------------------------------------------------------------------------------- /base/proxy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/base/proxy.md -------------------------------------------------------------------------------- /base/reflect.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/base/reflect.md -------------------------------------------------------------------------------- /base/rmi.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/base/rmi.md -------------------------------------------------------------------------------- /poc/CNVD-2016-04742.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CNVD-2016-04742.md -------------------------------------------------------------------------------- /poc/CVE-2015-4852.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852.md -------------------------------------------------------------------------------- /poc/CVE-2015-4852/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852/.gitignore -------------------------------------------------------------------------------- /poc/CVE-2015-4852/.idea/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852/.idea/.gitignore -------------------------------------------------------------------------------- /poc/CVE-2015-4852/.idea/jpa-buddy.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852/.idea/jpa-buddy.xml -------------------------------------------------------------------------------- /poc/CVE-2015-4852/.idea/libraries/commons_collections_3_1.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852/.idea/libraries/commons_collections_3_1.xml -------------------------------------------------------------------------------- /poc/CVE-2015-4852/.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852/.idea/misc.xml -------------------------------------------------------------------------------- /poc/CVE-2015-4852/.idea/modules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852/.idea/modules.xml -------------------------------------------------------------------------------- /poc/CVE-2015-4852/CVE-2015-4852.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852/CVE-2015-4852.iml -------------------------------------------------------------------------------- /poc/CVE-2015-4852/lib/commons-collections-3.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852/lib/commons-collections-3.1.jar -------------------------------------------------------------------------------- /poc/CVE-2015-4852/src/PoC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2015-4852/src/PoC.java -------------------------------------------------------------------------------- /poc/CVE-2016-4437.md: -------------------------------------------------------------------------------- 1 | # Apache Shiro 反序列化漏洞 CVE-2016-4437 -------------------------------------------------------------------------------- /poc/CVE-2017-18349.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349.md -------------------------------------------------------------------------------- /poc/CVE-2017-18349/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/.gitignore -------------------------------------------------------------------------------- /poc/CVE-2017-18349/.idea/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/.idea/.gitignore -------------------------------------------------------------------------------- /poc/CVE-2017-18349/.idea/jpa-buddy.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/.idea/jpa-buddy.xml -------------------------------------------------------------------------------- /poc/CVE-2017-18349/.idea/libraries/fastjson_1_2_24.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/.idea/libraries/fastjson_1_2_24.xml -------------------------------------------------------------------------------- /poc/CVE-2017-18349/.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/.idea/misc.xml -------------------------------------------------------------------------------- /poc/CVE-2017-18349/.idea/modules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/.idea/modules.xml -------------------------------------------------------------------------------- /poc/CVE-2017-18349/CVE-2017-18349.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/CVE-2017-18349.iml -------------------------------------------------------------------------------- /poc/CVE-2017-18349/lib/fastjson-1.2.24.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/lib/fastjson-1.2.24.jar -------------------------------------------------------------------------------- /poc/CVE-2017-18349/src/ExecPoC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/src/ExecPoC.java -------------------------------------------------------------------------------- /poc/CVE-2017-18349/src/PoC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2017-18349/src/PoC.java -------------------------------------------------------------------------------- /poc/CVE-2021-45105.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2021-45105.md -------------------------------------------------------------------------------- /poc/CVE-2021-45105/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2021-45105/.gitignore -------------------------------------------------------------------------------- /poc/CVE-2021-45105/.idea/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2021-45105/.idea/.gitignore -------------------------------------------------------------------------------- /poc/CVE-2021-45105/.idea/encodings.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2021-45105/.idea/encodings.xml -------------------------------------------------------------------------------- /poc/CVE-2021-45105/.idea/jpa-buddy.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2021-45105/.idea/jpa-buddy.xml -------------------------------------------------------------------------------- /poc/CVE-2021-45105/.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2021-45105/.idea/misc.xml -------------------------------------------------------------------------------- /poc/CVE-2021-45105/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2021-45105/pom.xml -------------------------------------------------------------------------------- /poc/CVE-2021-45105/src/main/java/org/example/PoC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2021-45105/src/main/java/org/example/PoC.java -------------------------------------------------------------------------------- /poc/CVE-2022-22963.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/poc/CVE-2022-22963.md -------------------------------------------------------------------------------- /poc/CVE-2022-22965.md: -------------------------------------------------------------------------------- 1 | # Spring4Shell (CVE-2022-22965) 2 | 3 | 4 | 5 | ## Ref 6 | - https://forum.butian.net/share/1496 -------------------------------------------------------------------------------- /vul/deserialization.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/deserialization.md -------------------------------------------------------------------------------- /vul/el.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/el.md -------------------------------------------------------------------------------- /vul/fileoperate.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /vul/inconsistency-url.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/inconsistency-url.md -------------------------------------------------------------------------------- /vul/ognl.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/ognl.md -------------------------------------------------------------------------------- /vul/rce.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/rce.md -------------------------------------------------------------------------------- /vul/spel.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/spel.md -------------------------------------------------------------------------------- /vul/sql.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/sql.md -------------------------------------------------------------------------------- /vul/ssti.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/ssti.md -------------------------------------------------------------------------------- /vul/upload.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/upload.md -------------------------------------------------------------------------------- /vul/xxe.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReAbout/audit-java/HEAD/vul/xxe.md --------------------------------------------------------------------------------