Home
Awesome
JavaVulnSummary
用来练习Java代码审计的集合。
分析文章
代码地址
由JDK7u21反序列化漏洞引起的对TemplatesImpl的深入学习
https://github.com/R17a-17/JavaVulnSummary/tree/main/ysoserial/src/main/java/com/r17a/ysoserial/jdk7u21
关于JDK7u21 Gadgets两个问题的探讨
https://github.com/R17a-17/JavaVulnSummary/tree/main/ysoserial/src/main/java/com/r17a/ysoserial/jdk7u21
WebLogic CVE-2021-2135分析及POC构造遇到的问题
https://github.com/R17a-17/JavaVulnSummary/blob/main/weblogic/src/main/java/com/r17a/weblogic/cve/CVE_2021_2135.java
反序列化入口PriorityQueue分析及相关Gadget总结
https://github.com/R17a-17/JavaVulnSummary/blob/main/weblogic/src/main/java/com/r17a/weblogic/
<br>
https://github.com/R17a-17/JavaVulnSummary/tree/main/ysoserial/src/main/java/com/r17a/ysoserial/
Java反序列化和集合之间的渊源
https://github.com/R17a-17/JavaVulnSummary/tree/main/ysoserial/src/main/java/com/r17a/ysoserial/
Jenkins Nested View插件XXE漏洞(CVE-2021-21680)分析
Java XXE漏洞实验及总结
https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/securitymissconfig/xxe
Jenkins Code Coverage API 插件漏洞分
https://github.com/R17a-17/JavaVulnSummary/blob/main/jenkins/src/main/java/com/r17a/jenkins/CVE_2021_21677.java
Java命令执行总结
https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/injection/command
Java文件操作类漏洞总结
https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/file
Java SSRF漏洞总结
https://github.com/R17a-17/JavaVulnSummary/blob/main/owasp/src/main/java/com/r17a/commonvuln/ssrf/Ssrf.java
[URL跳转和重定向](
https://r17a-17.github.io/2021/09/21/Java
URL跳转总结/)
Java SecurityManager学习
https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/securitymissconfig/securitymanager
一文读懂OGNL漏洞
<br>
Java表达式注入
https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/injection/expression