Skip to content
/ JavaSec Public
forked from istoliving/JavaSec

Java安全,漏洞分析/挖掘/利用

0 stars 173 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Ta0ing/JavaSec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
fileless-shell
fileless-shell
 
 
memo
memo
 
 
README.md
README.md
 
 

Repository files navigation

Focus on Java Security since November 1, 2021 👣

TODO

— 任务驱动式学习路线

  • 实现xxx中间件的内存马
  • 分析xxx应用的历史漏洞
  • 阅读xxx工具的源码
  • 开发xxx功能的工具

中间件 / 框架

  • Hessian

  • Hibernate

  • JBoss

  • Jetty

  • MyBatis

  • Resin

    • resin4 内存马(filter/servlet)
    • resin3 内存马(filter)

  • Shiro

    • 漏洞利用 修改key

  • Struts2

  • Spring

    • 内存马 (controller/interceptor)

  • Tomcat

    • 内存马 (filter/servlet/listener/value)

  • Weblogic

    • 内存马 (filter) 12.1.3.0.0

  • WebSphere

组件 / 库 / 类库

  • Fastjson
  • XMLDecoder
  • XStream
  • SnakeYAML
  • Jackson

About

Java安全,漏洞分析/挖掘/利用

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%