├── .gitignore
├── README.md
├── jdk8
│   ├── bytecodes
│   │   ├── Foo.java
│   │   ├── Hello.java
│   │   └── HelloTemplatesImpl.java
│   ├── pom.xml
│   └── src
│       └── main
│           ├── java
│           │   ├── com
│           │   │   └── govuln
│           │   │       ├── beans
│           │   │       │   └── Cat.java
│           │   │       ├── bytes
│           │   │       │   ├── HelloBCEL.java
│           │   │       │   ├── HelloClassLoader.java
│           │   │       │   ├── HelloDefineClass.java
│           │   │       │   └── HelloTemplatesImpl.java
│           │   │       ├── client
│           │   │       │   ├── JNDIClient.java
│           │   │       │   ├── LDAPClient.java
│           │   │       │   └── RMIClient.java
│           │   │       ├── deserialization
│           │   │       │   ├── CommonsBeanutils1.java
│           │   │       │   ├── CommonsCollections1.java
│           │   │       │   ├── CommonsCollections1For4.java
│           │   │       │   ├── CommonsCollections2.java
│           │   │       │   ├── CommonsCollections2TemplatesImpl.java
│           │   │       │   ├── CommonsCollections3.java
│           │   │       │   ├── CommonsCollections3For4.java
│           │   │       │   ├── CommonsCollections6.java
│           │   │       │   ├── CommonsCollections6For4.java
│           │   │       │   ├── CommonsCollections6Multiple.java
│           │   │       │   ├── CommonsCollectionsIntro.java
│           │   │       │   ├── CommonsCollectionsIntro2.java
│           │   │       │   ├── CommonsCollectionsIntro3.java
│           │   │       │   ├── JDK7u21.java
│           │   │       │   ├── TemplatesImplDeserialization.java
│           │   │       │   └── URLDNS.java
│           │   │       ├── js
│           │   │       │   └── Eval.java
│           │   │       ├── serialization
│           │   │       │   ├── Converter.java
│           │   │       │   ├── UserSerialization.java
│           │   │       │   └── model
│           │   │       │       └── User.java
│           │   │       └── xxe
│           │   │           ├── DocumentBuilderExample.java
│           │   │           ├── SAXParserExample.java
│           │   │           ├── XMLReaderExample.java
│           │   │           ├── XMLStreamExample.java
│           │   │           └── XPathExpressionExample.java
│           │   └── evil
│           │       ├── EvilTemplatesImpl.java
│           │       └── Hello.java
│           └── resources
│               └── eval.js
├── shiroattack
│   ├── pom.xml
│   ├── shiroattack.iml
│   └── src
│       └── main
│           └── java
│               └── com
│                   └── govuln
│                       └── shiroattack
│                           ├── Client.java
│                           ├── Client0.java
│                           ├── Client1.java
│                           ├── CommonsBeanutils1Shiro.java
│                           ├── CommonsCollections6.java
│                           ├── CommonsCollectionsShiro.java
│                           └── Evil.java
└── shirodemo
    ├── pom.xml
    ├── shirodemo.iml
    └── src
        └── main
            └── webapp
                ├── WEB-INF
                │   ├── shiro.ini
                │   └── web.xml
                ├── index.jsp
                └── login.jsp

/.gitignore:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/.gitignore -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/README.md -------------------------------------------------------------------------------- /jdk8/bytecodes/Foo.java: -------------------------------------------------------------------------------- 1 | public class Foo { 2 | 3 | } -------------------------------------------------------------------------------- /jdk8/bytecodes/Hello.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/bytecodes/Hello.java -------------------------------------------------------------------------------- /jdk8/bytecodes/HelloTemplatesImpl.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/bytecodes/HelloTemplatesImpl.java -------------------------------------------------------------------------------- /jdk8/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/pom.xml -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/beans/Cat.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/beans/Cat.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/bytes/HelloBCEL.java: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/bytes/HelloBCEL.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/bytes/HelloClassLoader.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/bytes/HelloClassLoader.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/bytes/HelloDefineClass.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/bytes/HelloDefineClass.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/bytes/HelloTemplatesImpl.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/bytes/HelloTemplatesImpl.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/client/JNDIClient.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/client/JNDIClient.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/client/LDAPClient.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/client/LDAPClient.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/client/RMIClient.java: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/client/RMIClient.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsBeanutils1.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsBeanutils1.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollections1.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollections1.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollections1For4.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollections1For4.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollections2.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollections2.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollections2TemplatesImpl.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollections2TemplatesImpl.java 
-------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollections3.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollections3.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollections3For4.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollections3For4.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollections6.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollections6.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollections6For4.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollections6For4.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollections6Multiple.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollections6Multiple.java -------------------------------------------------------------------------------- 
/jdk8/src/main/java/com/govuln/deserialization/CommonsCollectionsIntro.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollectionsIntro.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollectionsIntro2.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollectionsIntro2.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/CommonsCollectionsIntro3.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/CommonsCollectionsIntro3.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/JDK7u21.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/JDK7u21.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/TemplatesImplDeserialization.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/TemplatesImplDeserialization.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/deserialization/URLDNS.java: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/deserialization/URLDNS.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/js/Eval.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/js/Eval.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/serialization/Converter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/serialization/Converter.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/serialization/UserSerialization.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/serialization/UserSerialization.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/serialization/model/User.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/serialization/model/User.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/xxe/DocumentBuilderExample.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/xxe/DocumentBuilderExample.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/xxe/SAXParserExample.java: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/xxe/SAXParserExample.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/xxe/XMLReaderExample.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/xxe/XMLReaderExample.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/xxe/XMLStreamExample.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/xxe/XMLStreamExample.java -------------------------------------------------------------------------------- /jdk8/src/main/java/com/govuln/xxe/XPathExpressionExample.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/com/govuln/xxe/XPathExpressionExample.java -------------------------------------------------------------------------------- /jdk8/src/main/java/evil/EvilTemplatesImpl.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/evil/EvilTemplatesImpl.java -------------------------------------------------------------------------------- /jdk8/src/main/java/evil/Hello.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/java/evil/Hello.java -------------------------------------------------------------------------------- /jdk8/src/main/resources/eval.js: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/jdk8/src/main/resources/eval.js -------------------------------------------------------------------------------- /shiroattack/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shiroattack/pom.xml -------------------------------------------------------------------------------- /shiroattack/shiroattack.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shiroattack/shiroattack.iml -------------------------------------------------------------------------------- /shiroattack/src/main/java/com/govuln/shiroattack/Client.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shiroattack/src/main/java/com/govuln/shiroattack/Client.java -------------------------------------------------------------------------------- /shiroattack/src/main/java/com/govuln/shiroattack/Client0.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shiroattack/src/main/java/com/govuln/shiroattack/Client0.java -------------------------------------------------------------------------------- /shiroattack/src/main/java/com/govuln/shiroattack/Client1.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shiroattack/src/main/java/com/govuln/shiroattack/Client1.java -------------------------------------------------------------------------------- /shiroattack/src/main/java/com/govuln/shiroattack/CommonsBeanutils1Shiro.java: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shiroattack/src/main/java/com/govuln/shiroattack/CommonsBeanutils1Shiro.java -------------------------------------------------------------------------------- /shiroattack/src/main/java/com/govuln/shiroattack/CommonsCollections6.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shiroattack/src/main/java/com/govuln/shiroattack/CommonsCollections6.java -------------------------------------------------------------------------------- /shiroattack/src/main/java/com/govuln/shiroattack/CommonsCollectionsShiro.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shiroattack/src/main/java/com/govuln/shiroattack/CommonsCollectionsShiro.java -------------------------------------------------------------------------------- /shiroattack/src/main/java/com/govuln/shiroattack/Evil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shiroattack/src/main/java/com/govuln/shiroattack/Evil.java -------------------------------------------------------------------------------- /shirodemo/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shirodemo/pom.xml -------------------------------------------------------------------------------- /shirodemo/shirodemo.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shirodemo/shirodemo.iml -------------------------------------------------------------------------------- /shirodemo/src/main/webapp/WEB-INF/shiro.ini: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shirodemo/src/main/webapp/WEB-INF/shiro.ini -------------------------------------------------------------------------------- /shirodemo/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shirodemo/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /shirodemo/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shirodemo/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /shirodemo/src/main/webapp/login.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phith0n/JavaThings/HEAD/shirodemo/src/main/webapp/login.jsp --------------------------------------------------------------------------------