
Commit 9ce7da4

committed
add xstream module
1 parent 182e7b3 commit 9ce7da4


3 files changed

+34
-33
lines changed


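--- a/src/main/java/top/whgojp/modules/components/xstream/controller/XstreamController.java
+++ b/src/main/java/top/whgojp/modules/components/xstream/controller/XstreamController.java
@@ -30,13 +30,24 @@ public String xstream() {
 return "vul/components/xstream";
 }
 
+// @RequestMapping("/vul")
+// @ResponseBody
+// public String vulXstream(@RequestBody String content) {
+// log.info("组件漏洞-Xstream\n"+"Payload:"+content);
+// XStream xs = new XStream();
+// xs.fromXML(content);
+// return "组件漏洞-Xstream Vul";
+// }
+
 @RequestMapping("/vul")
 @ResponseBody
 public String vulXstream(@RequestBody String content) {
-log.info("组件漏洞-Xstream\n"+"Payload:"+content);
+log.info("组件漏洞-Xstream\n" + "Payload:" + content);
 XStream xs = new XStream();
-xs.fromXML(content);
-return "组件漏洞-Xstream Vul";
+Object result = xs.fromXML(content); // 反序列化得到的对象
+
+// 检查反序列化后的结果并返回相关信息
+return "组件漏洞-Xstream Vul, 反序列化结果: \n" + result.toString();
 }
 
 @RequestMapping("/safe-BlackList")
@@ -63,6 +74,7 @@ public String safeXstreamWhiteList(@RequestBody String content) {
 return "组件漏洞-Xstream Safe-WhiteList";
 }
 
+// CVE-2020-26259 任意文件删除示例
 public static void main(String[] args) {
 String xml_poc = "<map>\n" +
 " <entry>\n" +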
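--- a/src/main/resources/static/js/staticcode.js
+++ b/src/main/resources/static/js/staticcode.js
@@ -1693,9 +1693,11 @@ const safeFastjson = "@PostMapping(\"/safe\")\n" +
 const vulXstream = "@RequestMapping(\"/vul\")\n" +
 "@ResponseBody\n" +
 "public String vulXstream(@RequestBody String content) {\n" +
-" XStream xs = new XStream();\n" +
-" xs.fromXML(content);\n" +
-" return \"XStream Vul\";\n" +
+"\tXStream xs = new XStream();\n" +
+"\tObject result = xs.fromXML(content); // 反序列化得到的对象\n" +
+"\n" +
+"\t// 检查反序列化后的结果并返回相关信息\n" +
+"\treturn \"组件漏洞-Xstream Vul, 反序列化结果: \\n\" + result.toString();\n" +
 "}"
 
 const safeXstreamBlackList = "@RequestMapping(\"/safe-BlackList\")\n" +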
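Review bot: The `vulXstream` snippet at new lines 1693–1701 is a hand-copied rendering of `XstreamController.vulXstream` and already differs from the controller as changed in this same commit: the controller logs the payload with `log.info(...)` before constructing the `XStream`, while the snippet omits that line, and the snippet indents with `\t` where the controller uses spaces. Since this string is what the page shows users as "the vulnerable code", the two will keep drifting apart unless the display text is derived from the source or at least flagged; adding `// keep in sync with XstreamController.vulXstream` above the `const` would make the coupling visible to the next editor.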

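--- a/src/main/resources/templates/vul/components/xstream.html
+++ b/src/main/resources/templates/vul/components/xstream.html
@@ -26,7 +26,7 @@ <h1><span class="iconfont icon-bug"> 漏洞环境</span></h1>
 <div class="layui-tab-content">
 <div class="layui-tab-item layui-show">
 <blockquote class="layui-elem-quote main_btn">
-<p>漏洞环境</p>
+<p>点击跳转后需要自行构造触发payload</p>
 <a target="_blank" href='/xstream/vul'>
 <button class="layui-btn layui-btn-normal" style="width: 100px; margin-left: 10px;">
 <span class="iconfont icon-zhihang">Run</span>
@@ -35,14 +35,14 @@ <h1><span class="iconfont icon-bug"> 漏洞环境</span></h1>
 </blockquote>
 </div>
 
-<div class="layui-col-md12">
-<div class="layui-card">
-<div class="layui-card-header"><i class="fa fa-bullhorn icon-tip"></i>tips</div>
-<div class="layui-card-body layui-text layadmin-text">
-<pre style="color: #28333e;font-size: 15px;">测试Payload:{"test":{"@type":"java.net.Inet4Address","val":"dnslog.com"}}</pre>
-</div>
-</div>
-</div>
+<!-- <div class="layui-col-md12">-->
+<!-- <div class="layui-card">-->
+<!-- <div class="layui-card-header"><i class="fa fa-bullhorn icon-tip"></i>tips</div>-->
+<!-- <div class="layui-card-body layui-text layadmin-text">-->
+<!-- <pre style="color: #28333e;font-size: 15px;">测试Payload:{"test":{"@type":"java.net.Inet4Address","val":"dnslog.com"}}</pre>-->
+<!-- </div>-->
+<!-- </div>-->
+<!-- </div>-->
 
 </div>
 </div>
@@ -64,27 +64,15 @@ <h1><span class="iconfont icon-anquan"> 安全环境:黑名单</span></h1>
 <div class="layui-tab-content">
 <div class="layui-tab-item layui-show">
 <blockquote class="layui-elem-quote main_btn">
-<p>白名单过滤</p>
-<a target="_blank" href='/fastjson/safe-BlackList'>
+<p>黑名单过滤</p>
+<a target="_blank" href='/xstream/safe-BlackList'>
 <button class="layui-btn layui-btn-normal" style="width: 100px; margin-left: 10px;">
 <span class="iconfont icon-zhihang">Run</span>
 </button>
 </a>
 </blockquote>
 </div>
 
-<div class="layui-col-md12">
-<div class="layui-card">
-<div class="layui-card-header"><i class="fa fa-bullhorn icon-tip"></i>tips</div>
-<div class="layui-card-body layui-text layadmin-text">
-<pre style="color: #28333e;font-size: 15px;">安全编码规范:
-1、使用@ResponseBody或@RestController修饰
-2、使用redirect:或forward:修饰
-3、设置为HttpServletResponse</pre>
-</div>
-</div>
-</div>
-
 </div>
 </div>
 </div>
@@ -107,7 +95,7 @@ <h1><span class="iconfont icon-anquan"> 安全环境:白名单</span></h1>
 <div class="layui-tab-item layui-show">
 <blockquote class="layui-elem-quote main_btn">
 <p>白名单过滤</p>
-<a target="_blank" href='/fastjson/safe-WhiteList'>
+<a target="_blank" href='/xstream/safe-WhiteList'>
 <button class="layui-btn layui-btn-normal" style="width: 100px; margin-left: 10px;">
 <span class="iconfont icon-zhihang">Run</span>
 </button>
@@ -120,9 +108,8 @@ <h1><span class="iconfont icon-anquan"> 安全环境:白名单</span></h1>
 <div class="layui-card-header"><i class="fa fa-bullhorn icon-tip"></i>tips</div>
 <div class="layui-card-body layui-text layadmin-text">
 <pre style="color: #28333e;font-size: 15px;">安全编码规范:
-1、使用@ResponseBody或@RestController修饰
-2、使用redirect:或forward:修饰
-3、设置为HttpServletResponse</pre>
+1、升级方案:升级Xstream组件到1.4.17或最新版本
+2、非升级修复:1.4.10后可启动默认安全配置 setupDefaultSecurity()</pre>
 </div>
 </div>
 </div>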
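Review bot: The tips card at new lines 38–45 of the second hunk is commented out rather than removed; HTML comments are still delivered to the browser, so the fastjson-style sample payload it contains keeps shipping in every response of the XStream page even though it is unrelated to XStream (the live `vulXstream` endpoint parses XML, not JSON). Delete the eight commented lines outright and rely on version history if the card is wanted back. The black-list tab (hunk at old line 64) now has no tips card at all while the white-list tab keeps one with the upgrade guidance, so the two "安全环境" tabs are inconsistent; either drop the card from both or give the black-list tab the same remediation text. The `<p>` text change at new line 29 is a wording change only and needs nothing further.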
