File tree Expand file tree Collapse file tree 14 files changed +113
-145
lines changed
src/main/java/org/joychou Expand file tree Collapse file tree 14 files changed +113
-145
lines changed Original file line number Diff line number Diff line change 11# Java Security Code
22
3+ ## 介绍
34
4- - [ XMLInject] ( https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XMLInjection.java )
5+ 该项目也可以叫做Java Vulnerability Code(Java漏洞代码)。
6+
7+ 每个漏洞类型代码默认存在安全漏洞(除非本身不存在漏洞),相关修复代码在注释里。
8+
9+ 详情可查看每个漏洞代码和注释。
10+
11+ ## 漏洞代码
12+
13+ - [ XXE] ( https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XXE.java )
514- [ SSRF] ( https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSRF.java )
615- [ URLRedirect] ( https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLRedirect.java )
716- [ IPForge] ( https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/IPForge.java )
1019- [ RCE] ( https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Rce.java )
1120- [ Deserialize] ( https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Deserialize.java )
1221
13- ## Usage
22+ ## 如何运行
1423
1524
1625### Tomcat
@@ -32,7 +41,21 @@ Viarus
3241
3342### IDEA
3443
35- 如果想在IDEA中直接运运行,需要进行两个操作:
44+ 如果想在IDEA中直接运行,需要在IDEA中添加Tomcat配置,步骤如下:
45+
46+ ```
47+ Run -> Edit Configurations -> 添加TomcatServer(Local) -> Server中配置Tomcat路径 -> Deployment中添加Artifact选择java-sec-code:war exploded
48+ ```
49+
3650
37- 1 . 覆盖适配IDEA的pom.xml ` mv pom.xml.idea pom.xml `
38- 2 . 覆盖适配IDEA的Application.java文件 ` mv Application.java.idea Application.java `
51+ 配置完成后,右上角直接点击run,即可运行。
52+
53+ ```
54+ http://localhost:8080/rce/exec?cmd=whoami
55+ ```
56+
57+ 返回
58+
59+ ```
60+ Viarus
61+ ```
Original file line number Diff line number Diff line change 4545 <SOURCES />
4646 </library >
4747 </orderEntry >
48+ <orderEntry type =" library" scope =" PROVIDED" name =" Maven: org.apache.tomcat:tomcat-servlet-api:8.0.36" level =" project"
4849 <orderEntry type =" library" name =" Maven: org.springframework.boot:spring-boot-starter-web:1.5.1.RELEASE" level =" project"
4950 <orderEntry type =" library" name =" Maven: org.springframework.boot:spring-boot-starter:1.5.1.RELEASE" level =" project"
5051 <orderEntry type =" library" name =" Maven: org.springframework.boot:spring-boot:1.5.1.RELEASE" level =" project"
Load Diff This file was deleted.
Load Diff This file was deleted.
Original file line number Diff line number Diff line change 99import javax .servlet .http .HttpServletResponse ;
1010
1111/**
12- * author: JoyChou (joychou@joychou.org)
13- * date: 2018.01.03
14- * desc: Java no http response splitting vuls (test in Java 1.7/1.8)
12+ * @ author: JoyChou (joychou@joychou.org)
13+ * @ date: 2018.01.03
14+ * @ desc: Java 1.7/1.8没有CRLF漏洞 (test in Java 1.7/1.8)
1515 */
1616
1717@ Controller
Original file line number Diff line number Diff line change 1111
1212/**
1313 * @author: JoyChou
14- * @Date: 2018年06月14日
15- * @Desc:将根目录的poc放到/tmp/poc就能在mac上弹计算器。该应用必须有Commons-Collections包才能利用反序列化。
14+ * @Date: 2018年06月14日
15+ * @Desc: 将根目录的poc放到/tmp/poc就能在mac上弹计算器。该应用必须有Commons-Collections包才能利用反序列化。
1616 */
1717
1818@ Controller
Original file line number Diff line number Diff line change 88import javax .servlet .http .HttpServletRequest ;
99
1010/**
11- * author: JoyChou (joychou@joychou.org)
12- * date: 2017.12.29
13- * desc: Java IP Forge security code
14- * detail: https ://joychou.org/web/how-to-get-real-ip.html
11+ * @ author: JoyChou (joychou@joychou.org)
12+ * @ date: 2017.12.29
13+ * @ desc: Java获取IP安全代码
14+ * @ detail: 关于获取IP不安全代码,详情可查看https ://joychou.org/web/how-to-get-real-ip.html
1515 */
1616
1717@ Controller
Original file line number Diff line number Diff line change 88
99
1010/**
11- * author: JoyChou (joychou@joychou.org)
12- * date: 2018.05.28
13- * desc: Index Page
11+ * @ author: JoyChou (joychou@joychou.org)
12+ * @ date: 2018.05.28
13+ * @ desc: Index Page
1414 */
1515
1616@ Controller
Original file line number Diff line number Diff line change 1010import java .io .InputStreamReader ;
1111
1212/**
13- * author: JoyChou (joychou@joychou.org)
14- * date: 2018.05.24
15- * desc: java xxe vuls code
16- * fix: filter parameters
13+ * @ author: JoyChou (joychou@joychou.org)
14+ * @ date: 2018.05.24
15+ * @ desc: java xxe vuls code
16+ * @ fix: 过滤造成命令执行的参数
1717 */
1818
1919@ Controller
You can’t perform that action at this time.
0 commit comments