Skip to content
/ JavaSec Public
forked from istoliving/JavaSec

Java安全,漏洞分析/挖掘/利用

0 stars 173 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Ta0ing/JavaSec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits
fileless-shell
fileless-shell
 
 
memo
memo
 
 
vulnerability-analysis
vulnerability-analysis
 
 
README.md
README.md
 
 

Repository files navigation

Focus on Java Security since November 1, 2021 👣

TODO

— 任务驱动式学习路线

  • 实现xxx中间件的内存马
  • 分析xxx应用的历史漏洞
  • 阅读xxx工具的源码
  • 开发xxx功能的工具

中间件 / 框架

  • Hessian

  • Hibernate

  • JBoss

  • Jetty

  • MyBatis

  • Resin

    • resin4 内存马(filter/servlet)
    • resin3 内存马(filter)

  • Shiro

    • 漏洞利用 修改key

  • Struts2

  • Spring

    • 内存马 (controller/interceptor)

  • Tomcat

    • 内存马 (filter/servlet/listener/value)

  • Weblogic

    • 内存马 (filter add/remove)
    • 内存马 (listener add/remove)
    • 内存马 (servlet add/remove)
    • 水坑部署模板-mitm_inject.jsp
      • 功能:利用水坑截取目标的用户名 & 密码

  • WebSphere

组件 / 库 / 类库

  • Fastjson
  • XMLDecoder
  • XStream
  • SnakeYAML
  • Jackson

About

Java安全,漏洞分析/挖掘/利用

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%