René's URL Explorer Experiment


Title: GitHub - log4she11/JavaSec: a rep for documenting my study, may be from 0 to 0.1 · GitHub

Open Graph Title: GitHub - log4she11/JavaSec: a rep for documenting my study, may be from 0 to 0.1

X Title: GitHub - log4she11/JavaSec: a rep for documenting my study, may be from 0 to 0.1

Description: a rep for documenting my study, may be from 0 to 0.1 - log4she11/JavaSec

Open Graph Description: a rep for documenting my study, may be from 0 to 0.1 - log4she11/JavaSec

X Description: a rep for documenting my study, may be from 0 to 0.1 - log4she11/JavaSec

Opengraph URL: https://github.com/log4she11/JavaSec

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository
route-controllerfiles
route-actiondisambiguate
fetch-noncev2:eace0506-027b-91c6-409a-45eaeb5d49be
current-catalog-service-hashf3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
request-id9ADA:2D34EE:128824F:190E306:6A55762A
html-safe-noncef12766093a64359408465e87aab4f3d4a5252e36127b924e19028826fc633777
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5QURBOjJEMzRFRToxMjg4MjRGOjE5MEUzMDY6NkE1NTc2MkEiLCJ2aXNpdG9yX2lkIjoiMjkwMjI0ODgyNjkxOTU0ODQ1OCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmacef7631b8d833add2b6e47e690ea0a9292fcec2cad88883a9a2fa7721db2cd6ae
hovercard-subject-tagrepository:430434984
github-keyboard-shortcutsrepository,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location//
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/log4she11/JavaSec
twitter:imagehttps://opengraph.githubassets.com/85557706711990202f3149049fcc15f94b59236a6a5ee67f3ef3f814a39e6217/log4she11/JavaSec
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/85557706711990202f3149049fcc15f94b59236a6a5ee67f3ef3f814a39e6217/log4she11/JavaSec
og:image:alta rep for documenting my study, may be from 0 to 0.1 - log4she11/JavaSec
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
Noneb5665c84831ed9ac4fb79519c16c9c5580ba8092fb8bb6e3e72972ec7197348e
turbo-cache-controlno-cache
go-importgithub.com/log4she11/JavaSec git https://github.com/log4she11/JavaSec.git
octolytics-dimension-user_id6874179
octolytics-dimension-user_loginlog4she11
octolytics-dimension-repository_id430434984
octolytics-dimension-repository_nwolog4she11/JavaSec
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forktrue
octolytics-dimension-repository_parent_id418301081
octolytics-dimension-repository_parent_nwoY4tacker/JavaSec
octolytics-dimension-repository_network_root_id418301081
octolytics-dimension-repository_network_root_nwoY4tacker/JavaSec
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release617ea94e2807dc3052601c560530bb3f8259bc9a
ui-targetcanary-1
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/log4she11/JavaSec#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Flog4she11%2FJavaSec
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/open-source/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/open-source/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/enterprise/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Flog4she11%2FJavaSec
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E&source=header-repo&source_repo=log4she11%2FJavaSec
Reloadhttps://github.com/log4she11/JavaSec
Reloadhttps://github.com/log4she11/JavaSec
Reloadhttps://github.com/log4she11/JavaSec
log4she11 https://github.com/log4she11
JavaSechttps://github.com/log4she11/JavaSec
Y4tacker/JavaSechttps://github.com/Y4tacker/JavaSec
Notifications https://github.com/login?return_to=%2Flog4she11%2FJavaSec
Fork 0 https://github.com/login?return_to=%2Flog4she11%2FJavaSec
Star 0 https://github.com/login?return_to=%2Flog4she11%2FJavaSec
Code https://github.com/log4she11/JavaSec
Pull requests 0 https://github.com/log4she11/JavaSec/pulls
Actions https://github.com/log4she11/JavaSec/actions
Projects https://github.com/log4she11/JavaSec/projects
Security and quality 0 https://github.com/log4she11/JavaSec/security
Insights https://github.com/log4she11/JavaSec/pulse
Code https://github.com/log4she11/JavaSec
Pull requests https://github.com/log4she11/JavaSec/pulls
Actions https://github.com/log4she11/JavaSec/actions
Projects https://github.com/log4she11/JavaSec/projects
Security and quality https://github.com/log4she11/JavaSec/security
Insights https://github.com/log4she11/JavaSec/pulse
https://github.com/log4she11/JavaSec
Brancheshttps://github.com/log4she11/JavaSec/branches
Tagshttps://github.com/log4she11/JavaSec/tags
https://github.com/log4she11/JavaSec/branches
https://github.com/log4she11/JavaSec/tags
261 Commitshttps://github.com/log4she11/JavaSec/commits/main/
https://github.com/log4she11/JavaSec/commits/main/
0.开发学习/SpringBoot2https://github.com/log4she11/JavaSec/tree/main/0.%E5%BC%80%E5%8F%91%E5%AD%A6%E4%B9%A0/SpringBoot2
0.开发学习/SpringBoot2https://github.com/log4she11/JavaSec/tree/main/0.%E5%BC%80%E5%8F%91%E5%AD%A6%E4%B9%A0/SpringBoot2
1.基础知识https://github.com/log4she11/JavaSec/tree/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86
1.基础知识https://github.com/log4she11/JavaSec/tree/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86
2.CC专区https://github.com/log4she11/JavaSec/tree/main/2.CC%E4%B8%93%E5%8C%BA
2.CC专区https://github.com/log4she11/JavaSec/tree/main/2.CC%E4%B8%93%E5%8C%BA
3.FastJson专区https://github.com/log4she11/JavaSec/tree/main/3.FastJson%E4%B8%93%E5%8C%BA
3.FastJson专区https://github.com/log4she11/JavaSec/tree/main/3.FastJson%E4%B8%93%E5%8C%BA
4.Weblogic专区https://github.com/log4she11/JavaSec/tree/main/4.Weblogic%E4%B8%93%E5%8C%BA
4.Weblogic专区https://github.com/log4she11/JavaSec/tree/main/4.Weblogic%E4%B8%93%E5%8C%BA
5.内存马学习https://github.com/log4she11/JavaSec/tree/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0
5.内存马学习https://github.com/log4she11/JavaSec/tree/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0
6.JavaAgenthttps://github.com/log4she11/JavaSec/tree/main/6.JavaAgent
6.JavaAgenthttps://github.com/log4she11/JavaSec/tree/main/6.JavaAgent
7.Struts2专区https://github.com/log4she11/JavaSec/tree/main/7.Struts2%E4%B8%93%E5%8C%BA
7.Struts2专区https://github.com/log4she11/JavaSec/tree/main/7.Struts2%E4%B8%93%E5%8C%BA
其他https://github.com/log4she11/JavaSec/tree/main/%E5%85%B6%E4%BB%96
其他https://github.com/log4she11/JavaSec/tree/main/%E5%85%B6%E4%BB%96
填坑文件夹https://github.com/log4she11/JavaSec/tree/main/%E5%A1%AB%E5%9D%91%E6%96%87%E4%BB%B6%E5%A4%B9
填坑文件夹https://github.com/log4she11/JavaSec/tree/main/%E5%A1%AB%E5%9D%91%E6%96%87%E4%BB%B6%E5%A4%B9
.gitignorehttps://github.com/log4she11/JavaSec/blob/main/.gitignore
.gitignorehttps://github.com/log4she11/JavaSec/blob/main/.gitignore
LICENSEhttps://github.com/log4she11/JavaSec/blob/main/LICENSE
LICENSEhttps://github.com/log4she11/JavaSec/blob/main/LICENSE
README.mdhttps://github.com/log4she11/JavaSec/blob/main/README.md
README.mdhttps://github.com/log4she11/JavaSec/blob/main/README.md
READMEhttps://github.com/log4she11/JavaSec
Apache-2.0 licensehttps://github.com/log4she11/JavaSec
https://github.com/log4she11/JavaSec#javasec
https://github.com/log4she11/JavaSec#1基础篇
Java反射https://github.com/Stakcery/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/%E5%8F%8D%E5%B0%84/%E5%8F%8D%E5%B0%84.md
Java动态代理https://github.com/Stakcery/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/%E5%8A%A8%E6%80%81%E4%BB%A3%E7%90%86/%E5%8A%A8%E6%80%81%E4%BB%A3%E7%90%86.md
JNDI注入https://www.mi1k7ea.com/2019/09/15/%E6%B5%85%E6%9E%90JNDI%E6%B3%A8%E5%85%A5/
反序列化https://www.zhihu.com/question/47794528/answer/672095170
类加载器与双亲委派模型https://github.com/Stakcery/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/%E7%B1%BB%E5%8A%A0%E8%BD%BD%E5%99%A8%E4%B8%8E%E5%8F%8C%E4%BA%B2%E5%A7%94%E6%B4%BE%E6%A8%A1%E5%9E%8B/%E7%B1%BB%E5%8A%A0%E8%BD%BD%E5%99%A8%E4%B8%8E%E5%8F%8C%E4%BA%B2%E5%A7%94%E6%B4%BE%E6%A8%A1%E5%9E%8B.md
两种实现Java类隔离加载的方法https://max.book118.com/html/2021/0415/5213012132003221.shtm
ClassLoader(类加载机制)https://github.com/Stakcery/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/ClassLoader(%E7%B1%BB%E5%8A%A0%E8%BD%BD%E6%9C%BA%E5%88%B6)/ClassLoader(%E7%B1%BB%E5%8A%A0%E8%BD%BD%E6%9C%BA%E5%88%B6).md
SPI学习https://github.com/Stakcery/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/SPI/SPI.md
Java 类字节码编辑https://github.com/Stakcery/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/Java%20%E7%B1%BB%E5%AD%97%E8%8A%82%E7%A0%81%E7%BC%96%E8%BE%91/Java%20%E7%B1%BB%E5%AD%97%E8%8A%82%E7%A0%81%E7%BC%96%E8%BE%91.md
https://github.com/log4she11/JavaSec#2cc专区ysoserial专区
CommonsCollections1笔记https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsCollections1/CommonsCollections1.md
CommonsCollections2笔记https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsCollections2/CommonsCollections2.md
CommonsCollections3笔记https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsCollections3/CommonsCollections3.md
CommonsCollections5笔记https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsCollections5/CommonsCollections5.md
CommonsCollections6-HashSet笔记https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsCollections6-HashSet/CommonsCollections6-HashSet.md
CommonsCollections6-HashMap笔记https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsCollections6-HashMap/CommonsCollections6-HashMap.md
CommonsCollections6-Shiro1.2.4笔记https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsCollections6-Shiro1.2.4/CommonsCollections6-Shiro1.2.4.md
CommonsCollections7笔记https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsCollections7/CommonsCollections7.md
使用TemplatesImpl改造CommonsCollections2https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/%E4%BD%BF%E7%94%A8TemplatesImpl%E6%94%B9%E9%80%A0CommonsCollections2/%E4%BD%BF%E7%94%A8TemplatesImpl%E6%94%B9%E9%80%A0CommonsCollections2.md
CommonsBeanutils1笔记https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsBeanutils1/CommonsBeanutils1%E7%AC%94%E8%AE%B0.md
CommonsBeanutils1-Shiro(无CC依赖)https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsBeanutils1-Shiro(%E6%97%A0CC%E4%BE%9D%E8%B5%96)/CommonsBeanutils1-Shiro(%E6%97%A0CC%E4%BE%9D%E8%B5%96).md
C3P0利用链简单分析https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/C3P0/C3P0.md
C3P0Tomcat不出网利用(思路就是之前高版本JNDI注入的思路)http://www.yulegeyu.com/2021/10/10/JAVA%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8BC3P0%E4%B8%8D%E5%87%BA%E7%BD%91%E5%88%A9%E7%94%A8/
MySQL-JDBC-反序列化漏洞https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/MySQL-JDBC-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/MySQL%20JDBC-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md
反制Ysoserial0.0.6版本-JRMP(打个标签weblogic搞定后看看)https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/%E5%8F%8D%E5%88%B6Ysoserial0.0.6%E7%89%88%E6%9C%AC-JRMP/%E5%8F%8D%E5%88%B6Ysoserial0.0.6%E7%89%88%E6%9C%AC-JRMP.md
网上看到的神秘套娃CommonsCollections11https://github.com/Stakcery/JavaSec/blob/main/2.CC%E4%B8%93%E5%8C%BA/CommonsCollections11/CommonsCollections11.md
https://github.com/log4she11/JavaSec#3fastjson专区
Fastjson基本用法https://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Fastjson%E5%9F%BA%E6%9C%AC%E7%94%A8%E6%B3%95/Fastjson%E5%9F%BA%E6%9C%AC%E7%94%A8%E6%B3%95.md
Fastjson1.1.15-1.2.4与BCEL字节码加载https://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Fastjson1.1.15-1.2.4%E4%B8%8EBCEL%E5%AD%97%E8%8A%82%E7%A0%81%E5%8A%A0%E8%BD%BD/Fastjson1.1.15-1.2.4%E4%B8%8EBCEL%E5%AD%97%E8%8A%82%E7%A0%81%E5%8A%A0%E8%BD%BD.md
Fastjson1.22-1.24反序列化分析之JNDIhttps://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Fastjson1.22-1.24/Fastjson1.22-1.24%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%86%E6%9E%90%E4%B9%8BJNDI/Fastjson1.22-1.24.md
Fastjson1.22-1.24反序列化分析之TemplateImplhttps://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Fastjson1.22-1.24/Fastjson1.22-1.24%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%86%E6%9E%90%E4%B9%8BTemplateImpl/Fastjson1.22-1.24.md
Fastjson1.2.25-1.2.41补丁绕过(用L;绕过、需要开启autotype)https://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.41%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87/Fastjson1.2.25-1.2.41%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87.md
Fastjson1.2.25-1.2.42补丁绕过(双写L;绕过、需要开启autotype)https://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.42%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87/Fastjson1.2.25-1.2.42%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87.md
Fastjson1.2.25-1.2.43补丁绕过(用左中括号绕过、需要开启autotype)https://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.43%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87/Fastjson1.2.25-1.2.43%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87.md
Fastjson1.2.25-1.2.45补丁绕过(mybatis的3.x版本且<3.5.0、需要开启autotype)https://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.45%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87/Fastjson1.2.25-1.2.45%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87.md
Fastjson1.2.25-1.2.47绕过https://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.47%E7%BB%95%E8%BF%87%E6%97%A0%E9%9C%80AutoType/Fastjson1.2.25-1.2.47%E7%BB%95%E8%BF%87%E6%97%A0%E9%9C%80AutoType.md
Fastjson1.2.48-1.2.68反序列化漏洞https://www.anquanke.com/post/id/232774
Fastjson1.2.68不使用ref引用,不用parseObject触发get方法https://su18.org/post/fastjson-1.2.68/#getter-%E6%96%B9%E6%B3%95%E8%B0%83%E7%94%A8
关于blackhat2021披露的fastjson1.2.68链的一些细节,防止公众号以后找不到同目录下有备份https://mp.weixin.qq.com/s?__biz=MzUzNDMyNjI3Mg==&mid=2247484866&idx=1&sn=23fb7897f6e54cdf61031a65c602487d&scene=21#wechat_redirect
2021L3HCTF中关于Fastjson1.2.68的骚操作https://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/%E5%85%B6%E4%BB%96/L3HCTF%202021%20Official%20Write%20Up.pdf
一些有趣的Trickhttps://github.com/Stakcery/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/%E6%9C%89%E8%B6%A3Trick/FastJson%20Trick.md
https://github.com/log4she11/JavaSec#4weblogic专区
T3协议学习https://github.com/Stakcery/JavaSec/blob/main/4.Weblogic%E4%B8%93%E5%8C%BA/T3%E5%8D%8F%E8%AE%AE%E5%AD%A6%E4%B9%A0/T3%E5%8D%8F%E8%AE%AE%E5%AD%A6%E4%B9%A0.md
CVE-2015-4852复现分析https://github.com/Stakcery/JavaSec/blob/main/4.Weblogic%E4%B8%93%E5%8C%BA/CVE-2015-4852%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/CVE-2015-4852%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90.md
Weblogic使用ClassLoader和RMI来回显命令执行结果https://xz.aliyun.com/t/7228
https://github.com/log4she11/JavaSec#5内存马学习专区
JavaWeb与Tomcat介绍https://github.com/Stakcery/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Tomcat/Tomcat%E4%BB%8B%E7%BB%8D/Tomcat%E4%BB%8B%E7%BB%8D.md
Tomcat-Listener型内存马https://github.com/Stakcery/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Tomcat/Tomcat-Listener%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC/Tomcat-Listener%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC.md
Tomcat-Filter型内存马https://github.com/Stakcery/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Tomcat/Tomcat-Filter%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC/Tomcat-Filter%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC.md
Tomcat-Servlet型内存马https://github.com/Stakcery/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Tomcat/Tomcat-Servlet%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC/Tomcat-Servlet%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC.md
浅谈 Java Agent 内存马(网上看到大师傅写的很详细直接搬运工了)http://wjlshare.com/archives/1582
SpringBoot内存马学习-通过添加新路由https://github.com/Stakcery/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Spring/SpringBoot%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0-%E9%80%9A%E8%BF%87%E6%B7%BB%E5%8A%A0%E6%96%B0%E8%B7%AF%E7%94%B1/SpringBoot%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0-%E9%80%9A%E8%BF%87%E6%B7%BB%E5%8A%A0%E6%96%B0%E8%B7%AF%E7%94%B1.md
利用intercetor注入Spring内存马https://github.com/Stakcery/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Spring/%E5%88%A9%E7%94%A8intercetor%E6%B3%A8%E5%85%A5Spring%E5%86%85%E5%AD%98%E9%A9%AC/%E5%88%A9%E7%94%A8intercetor%E6%B3%A8%E5%85%A5Spring%E5%86%85%E5%AD%98%E9%A9%AC.md
https://github.com/log4she11/JavaSec#6javaagent学习专区
Java Instrument插桩技术初体验https://github.com/Stakcery/JavaSec/blob/main/6.JavaAgent/JavaInstrument%E6%8F%92%E6%A1%A9%E6%8A%80%E6%9C%AF/JavaInstrument%E6%8F%92%E6%A1%A9%E6%8A%80%E6%9C%AF.md
PreMain之addTransformer与redefineClasses用法学习https://github.com/Stakcery/JavaSec/blob/main/6.JavaAgent/PreMain%E4%B9%8BaddTransformer%E4%B8%8EredefineClasses%E7%94%A8%E6%B3%95%E5%AD%A6%E4%B9%A0/PreMain%E4%B9%8BaddTransformer%E4%B8%8EredefineClasses%E7%94%A8%E6%B3%95%E5%AD%A6%E4%B9%A0.md
AgentMain(JVM启动后动态Instrument)https://github.com/Stakcery/JavaSec/blob/main/6.JavaAgent/AgentMain/AgentMain.md
https://github.com/log4she11/JavaSec#7struts2学习专区
Struts2简介与漏洞环境搭建https://github.com/Stakcery/JavaSec/blob/main/7.Struts22%E4%B8%93%E5%8C%BA/%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA.md
Struts2框架处理流程与Struts2-001漏洞分析(Struts 2.0.0-Struts 2.0.8)https://github.com/Stakcery/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/Struts2%E6%A1%86%E6%9E%B6%E5%A4%84%E7%90%86%E6%B5%81%E7%A8%8B/Struts2%E6%A1%86%E6%9E%B6%E5%A4%84%E7%90%86%E6%B5%81%E7%A8%8B%E4%B8%8EStruts2-001.md
S2-002漏洞分析(Struts 2.0.0 - Struts 2.1.8.1)https://github.com/Stakcery/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/S2-002%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/S2-002%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md
https://github.com/log4she11/JavaSec#其他
JSP-Webshells集合https://github.com/threedr3am/JSP-Webshells
Spring Boot FatJar任意写目录漏洞导致Getshellhttps://www.cnblogs.com/wh4am1/p/14681335.html
利用TemplatesImpl执行字节码https://github.com/Stakcery/JavaSec/blob/main/%E5%85%B6%E4%BB%96/%E5%88%A9%E7%94%A8TemplatesImpl%E6%89%A7%E8%A1%8C%E5%AD%97%E8%8A%82%E7%A0%81/%E5%88%A9%E7%94%A8TemplatesImpl%E6%89%A7%E8%A1%8C%E5%AD%97%E8%8A%82%E7%A0%81.md
为什么补丁都喜欢打在resolveClasshttps://github.com/Stakcery/JavaSec/blob/main/4.Weblogic%E4%B8%93%E5%8C%BA/%E4%B8%BA%E4%BB%80%E4%B9%88%E8%A1%A5%E4%B8%81%E5%96%9C%E6%AC%A2%E6%89%93%E5%9C%A8resolveClass/%E4%B8%BA%E4%BB%80%E4%B9%88%E8%A1%A5%E4%B8%81%E5%96%9C%E6%AC%A2%E6%89%93%E5%9C%A8resolveClass.md
Java反序列化之URLDNShttps://github.com/Stakcery/JavaSec/blob/main/%E5%85%B6%E4%BB%96/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8BURLDNS/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8BURLDNS.md
高低版JDK下的JNDI注入绕过流程跟踪(Jdk8u191+)https://github.com/Stakcery/JavaSec/blob/main/%E5%85%B6%E4%BB%96/%E9%AB%98%E4%BD%8E%E7%89%88JDK%E4%B8%8B%E7%9A%84JNDI%E6%B3%A8%E5%85%A5%E7%BB%95%E8%BF%87%E6%B5%81%E7%A8%8B%E8%B7%9F%E8%B8%AA/%E9%AB%98%E4%BD%8E%E7%89%88JDK%E4%B8%8B%E7%9A%84JNDI%E6%B3%A8%E5%85%A5%E7%BB%95%E8%BF%87%E6%B5%81%E7%A8%8B%E8%B7%9F%E8%B8%AA.md
Java沙箱绕过https://www.anquanke.com/post/id/151398
https://github.com/log4she11/JavaSec#漏洞复现与分析
CVE-2021-2471 JDBC-XXE漏洞分析https://github.com/Stakcery/JavaSec/blob/main/%E5%85%B6%E4%BB%96/CVE-2021-2471%20JDBC-XXE%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/CVE-2021-2471%20JDBC-XXE%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md
spring-messaging 远程代码执行漏洞分析https://github.com/Stakcery/JavaSec/blob/main/%E5%85%B6%E4%BB%96/spring-messaging%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/spring-messaging%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md
https://github.com/log4she11/JavaSec#环境
如何远程调试Weblogichttps://github.com/QAX-A-Team/WeblogicEnvironment
使用idea进行tomcat源码调试https://zhuanlan.zhihu.com/p/35454131
Readme https://github.com/log4she11/JavaSec#readme-ov-file
Apache-2.0 license https://github.com/log4she11/JavaSec#Apache-2.0-1-ov-file
Please reload this pagehttps://github.com/log4she11/JavaSec
Activityhttps://github.com/log4she11/JavaSec/activity
0 forkshttps://github.com/log4she11/JavaSec/forks
Report repository https://github.com/contact/report-content?content_url=https%3A%2F%2Fgithub.com%2Flog4she11%2FJavaSec&report=log4she11+%28user%29
Releaseshttps://github.com/log4she11/JavaSec/releases
Packages 0https://github.com/users/log4she11/packages?repo_name=JavaSec
Please reload this pagehttps://github.com/log4she11/JavaSec
Contributorshttps://github.com/log4she11/JavaSec/graphs/contributors
Please reload this pagehttps://github.com/log4she11/JavaSec
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.