René's URL Explorer Experiment


Title: GitHub - to016/JavaSec: a rep for documenting my study, may be from 0 to 0.1

Open Graph Title: GitHub - to016/JavaSec: a rep for documenting my study, may be from 0 to 0.1

X Title: GitHub - to016/JavaSec: a rep for documenting my study, may be from 0 to 0.1

Description: a rep for documenting my study, may be from 0 to 0.1 - to016/JavaSec

Open Graph Description: a rep for documenting my study, may be from 0 to 0.1 - to016/JavaSec

X Description: a rep for documenting my study, may be from 0 to 0.1 - to016/JavaSec

Opengraph URL: https://github.com/to016/JavaSec

X: @github

direct link

Domain: patch-diff.githubusercontent.com

route-pattern/:user_id/:repository
route-controllerfiles
route-actiondisambiguate
fetch-noncev2:7f30614f-2cf8-cf4a-43f5-ce63060b13f7
current-catalog-service-hashf3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
request-idDACC:310079:98D49C:D7CE75:696FB36E
html-safe-noncef9757b37d548fb6e2880a33a4453f5eb651ee4f100b5222ce7bf2a6e1e7afda4
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEQUNDOjMxMDA3OTo5OEQ0OUM6RDdDRTc1OjY5NkZCMzZFIiwidmlzaXRvcl9pZCI6IjIyNzUxNjI3MDY2NzI1OTU4MjIiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==
visitor-hmac67a00a008d9c250b7bd2bb089f45a33f02421187f4cb908dd142ab1251c51f98
hovercard-subject-tagrepository:585416271
github-keyboard-shortcutsrepository,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location//
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/to016/JavaSec
twitter:imagehttps://opengraph.githubassets.com/ea24be45cd48a71e6a18b17e0a473302649f0367cb894c18115ff9e6b3085e7c/to016/JavaSec
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/ea24be45cd48a71e6a18b17e0a473302649f0367cb894c18115ff9e6b3085e7c/to016/JavaSec
og:image:alta rep for documenting my study, may be from 0 to 0.1 - to016/JavaSec
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
Noned146dfd2c89f9048de9fd6d73ec4ffcf201cc2c89880fcf1c73ff73970d46e64
turbo-cache-controlno-preview
go-importgithub.com/to016/JavaSec git https://github.com/to016/JavaSec.git
octolytics-dimension-user_id77546253
octolytics-dimension-user_loginto016
octolytics-dimension-repository_id585416271
octolytics-dimension-repository_nwoto016/JavaSec
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forktrue
octolytics-dimension-repository_parent_id418301081
octolytics-dimension-repository_parent_nwoY4tacker/JavaSec
octolytics-dimension-repository_network_root_id418301081
octolytics-dimension-repository_network_root_nwoY4tacker/JavaSec
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release1866f0fdabd6ce28d22bf272fe23b56a9d475be6
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://patch-diff.githubusercontent.com/to016/JavaSec#start-of-content
https://patch-diff.githubusercontent.com/
Sign in https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2Fto016%2FJavaSec
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub SparkBuild and deploy intelligent appshttps://github.com/features/spark
GitHub ModelsManage and compare promptshttps://github.com/features/models
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2Fto016%2FJavaSec
Sign up https://patch-diff.githubusercontent.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E&source=header-repo&source_repo=to016%2FJavaSec
Reloadhttps://patch-diff.githubusercontent.com/to016/JavaSec
Reloadhttps://patch-diff.githubusercontent.com/to016/JavaSec
Reloadhttps://patch-diff.githubusercontent.com/to016/JavaSec
to016 https://patch-diff.githubusercontent.com/to016
JavaSechttps://patch-diff.githubusercontent.com/to016/JavaSec
Y4tacker/JavaSechttps://patch-diff.githubusercontent.com/Y4tacker/JavaSec
Notifications https://patch-diff.githubusercontent.com/login?return_to=%2Fto016%2FJavaSec
Fork 3 https://patch-diff.githubusercontent.com/login?return_to=%2Fto016%2FJavaSec
Star 1 https://patch-diff.githubusercontent.com/login?return_to=%2Fto016%2FJavaSec
Apache-2.0 license https://patch-diff.githubusercontent.com/to016/JavaSec/blob/main/LICENSE
1 star https://patch-diff.githubusercontent.com/to016/JavaSec/stargazers
338 forks https://patch-diff.githubusercontent.com/to016/JavaSec/forks
Branches https://patch-diff.githubusercontent.com/to016/JavaSec/branches
Tags https://patch-diff.githubusercontent.com/to016/JavaSec/tags
Activity https://patch-diff.githubusercontent.com/to016/JavaSec/activity
Star https://patch-diff.githubusercontent.com/login?return_to=%2Fto016%2FJavaSec
Notifications https://patch-diff.githubusercontent.com/login?return_to=%2Fto016%2FJavaSec
Code https://patch-diff.githubusercontent.com/to016/JavaSec
Pull requests 0 https://patch-diff.githubusercontent.com/to016/JavaSec/pulls
Actions https://patch-diff.githubusercontent.com/to016/JavaSec/actions
Projects 0 https://patch-diff.githubusercontent.com/to016/JavaSec/projects
Security Uh oh! There was an error while loading. Please reload this page. https://patch-diff.githubusercontent.com/to016/JavaSec/security
Please reload this pagehttps://patch-diff.githubusercontent.com/to016/JavaSec
Insights https://patch-diff.githubusercontent.com/to016/JavaSec/pulse
Code https://patch-diff.githubusercontent.com/to016/JavaSec
Pull requests https://patch-diff.githubusercontent.com/to016/JavaSec/pulls
Actions https://patch-diff.githubusercontent.com/to016/JavaSec/actions
Projects https://patch-diff.githubusercontent.com/to016/JavaSec/projects
Security https://patch-diff.githubusercontent.com/to016/JavaSec/security
Insights https://patch-diff.githubusercontent.com/to016/JavaSec/pulse
Brancheshttps://patch-diff.githubusercontent.com/to016/JavaSec/branches
Tagshttps://patch-diff.githubusercontent.com/to016/JavaSec/tags
https://patch-diff.githubusercontent.com/to016/JavaSec/branches
https://patch-diff.githubusercontent.com/to016/JavaSec/tags
632 Commitshttps://patch-diff.githubusercontent.com/to016/JavaSec/commits/main/
https://patch-diff.githubusercontent.com/to016/JavaSec/commits/main/
0.开发学习/SpringBoot2https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/0.%E5%BC%80%E5%8F%91%E5%AD%A6%E4%B9%A0/SpringBoot2
0.开发学习/SpringBoot2https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/0.%E5%BC%80%E5%8F%91%E5%AD%A6%E4%B9%A0/SpringBoot2
1.基础知识https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86
1.基础知识https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86
11.Springhttps://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/11.Spring
11.Springhttps://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/11.Spring
12.Shirohttps://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/12.Shiro
12.Shirohttps://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/12.Shiro
13.回显相关技术学习https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/13.%E5%9B%9E%E6%98%BE%E7%9B%B8%E5%85%B3%E6%8A%80%E6%9C%AF%E5%AD%A6%E4%B9%A0
13.回显相关技术学习https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/13.%E5%9B%9E%E6%98%BE%E7%9B%B8%E5%85%B3%E6%8A%80%E6%9C%AF%E5%AD%A6%E4%B9%A0
16.漏洞复现https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/16.%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0
16.漏洞复现https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/16.%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0
2.反序列化专区https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA
2.反序列化专区https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA
3.FastJson专区https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/3.FastJson%E4%B8%93%E5%8C%BA
3.FastJson专区https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/3.FastJson%E4%B8%93%E5%8C%BA
4.Weblogic专区https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/4.Weblogic%E4%B8%93%E5%8C%BA
4.Weblogic专区https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/4.Weblogic%E4%B8%93%E5%8C%BA
5.内存马学习https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0
5.内存马学习https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0
6.JavaAgenthttps://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/6.JavaAgent
6.JavaAgenthttps://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/6.JavaAgent
7.Struts2专区https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/7.Struts2%E4%B8%93%E5%8C%BA
7.Struts2专区https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/7.Struts2%E4%B8%93%E5%8C%BA
8.关于Tomcat的一些分享https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/8.%E5%85%B3%E4%BA%8ETomcat%E7%9A%84%E4%B8%80%E4%BA%9B%E5%88%86%E4%BA%AB
8.关于Tomcat的一些分享https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/8.%E5%85%B3%E4%BA%8ETomcat%E7%9A%84%E4%B8%80%E4%BA%9B%E5%88%86%E4%BA%AB
9.JDBC Attackhttps://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/9.JDBC%20Attack
9.JDBC Attackhttps://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/9.JDBC%20Attack
其他https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/%E5%85%B6%E4%BB%96
其他https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/%E5%85%B6%E4%BB%96
填坑文件夹https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/%E5%A1%AB%E5%9D%91%E6%96%87%E4%BB%B6%E5%A4%B9
填坑文件夹https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/%E5%A1%AB%E5%9D%91%E6%96%87%E4%BB%B6%E5%A4%B9
比赛反思/2022https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/%E6%AF%94%E8%B5%9B%E5%8F%8D%E6%80%9D/2022
比赛反思/2022https://patch-diff.githubusercontent.com/to016/JavaSec/tree/main/%E6%AF%94%E8%B5%9B%E5%8F%8D%E6%80%9D/2022
.gitignorehttps://patch-diff.githubusercontent.com/to016/JavaSec/blob/main/.gitignore
.gitignorehttps://patch-diff.githubusercontent.com/to016/JavaSec/blob/main/.gitignore
LICENSEhttps://patch-diff.githubusercontent.com/to016/JavaSec/blob/main/LICENSE
LICENSEhttps://patch-diff.githubusercontent.com/to016/JavaSec/blob/main/LICENSE
README.mdhttps://patch-diff.githubusercontent.com/to016/JavaSec/blob/main/README.md
README.mdhttps://patch-diff.githubusercontent.com/to016/JavaSec/blob/main/README.md
READMEhttps://patch-diff.githubusercontent.com/to016/JavaSec
Licensehttps://patch-diff.githubusercontent.com/to016/JavaSec
https://patch-diff.githubusercontent.com/to016/JavaSec#javasec
https://camo.githubusercontent.com/bdc2c0da1e08b4ba2eb5300f2569f054ceafa9112f20bab29b16991209477182/68747470733a2f2f736f6369616c6966792e6769742e63692f59347461636b65722f4a6176615365632f696d6167653f6465736372697074696f6e3d3126666f6e743d536f75726365253230436f646525323050726f26666f726b733d31266973737565733d31266c616e67756167653d31266e616d653d31266f776e65723d312670756c6c733d31267374617267617a6572733d31267468656d653d4461726b
https://patch-diff.githubusercontent.com/to016/JavaSec#0for-me
https://patch-diff.githubusercontent.com/to016/JavaSec#1基础篇
Java反射https://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/%E5%8F%8D%E5%B0%84/%E5%8F%8D%E5%B0%84.md
补充:通过反射修改用final static修饰的变量https://github.com/Y4tacker/JavaSec/tree/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/%E9%80%9A%E8%BF%87%E5%8F%8D%E5%B0%84%E4%BF%AE%E6%94%B9%E7%94%A8final%E4%BF%AE%E9%A5%B0%E7%9A%84%E5%8F%98%E9%87%8F
Java动态代理https://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/%E5%8A%A8%E6%80%81%E4%BB%A3%E7%90%86/%E5%8A%A8%E6%80%81%E4%BB%A3%E7%90%86.md
JNDI注入https://www.mi1k7ea.com/2019/09/15/%E6%B5%85%E6%9E%90JNDI%E6%B3%A8%E5%85%A5/
反序列化https://www.zhihu.com/question/47794528/answer/672095170
类加载器与双亲委派模型https://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/%E7%B1%BB%E5%8A%A0%E8%BD%BD%E5%99%A8%E4%B8%8E%E5%8F%8C%E4%BA%B2%E5%A7%94%E6%B4%BE%E6%A8%A1%E5%9E%8B/%E7%B1%BB%E5%8A%A0%E8%BD%BD%E5%99%A8%E4%B8%8E%E5%8F%8C%E4%BA%B2%E5%A7%94%E6%B4%BE%E6%A8%A1%E5%9E%8B.md
两种实现Java类隔离加载的方法https://max.book118.com/html/2021/0415/5213012132003221.shtm
ClassLoader(类加载机制)https://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/ClassLoader(%E7%B1%BB%E5%8A%A0%E8%BD%BD%E6%9C%BA%E5%88%B6)/ClassLoader(%E7%B1%BB%E5%8A%A0%E8%BD%BD%E6%9C%BA%E5%88%B6).md
SPI学习https://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/SPI/SPI.md
JavaAgenthttp://wjlshare.com/archives/1582
JMXhttps://zhuanlan.zhihu.com/p/166530442
JMX补充学习这哥们写的不错https://github.com/ZhangZiSheng001/02-jmx-demo
JDWP远程执行命令https://www.mi1k7ea.com/2021/08/06/%E6%B5%85%E6%9E%90JDWP%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
Tomcat中容器的pipeline机制(学了以后更好帮助Tomcat-Valve类型内存马理解)https://www.cnblogs.com/coldridgeValley/p/5816414.html
ASM学习+Class文件结构了解+JVM一些简单知识https://github.com/Y4tacker/JavaSec/tree/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/ASM%E5%AD%A6%E4%B9%A0/index.md
Xpath注入https://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/Xpath%E6%B3%A8%E5%85%A5/index.md
JSTL(看菜鸟教程即可)https://www.runoob.com/jsp/jsp-jstl.html
JEP290基础概念https://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/JEP290%E7%9A%84%E5%9F%BA%E6%9C%AC%E6%A6%82%E5%BF%B5/index.md
Java中的XXEhttps://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/Java%E4%B8%AD%E7%9A%84XXE/index.md
通过反射扫描被注解修饰的类https://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/%E9%80%9A%E8%BF%87%E5%8F%8D%E5%B0%84%E6%89%AB%E6%8F%8F%E8%A2%AB%E6%B3%A8%E8%A7%A3%E4%BF%AE%E9%A5%B0%E7%9A%84%E7%B1%BB/index.md
低版本下Java文件系统00截断https://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/%E4%BD%8E%E7%89%88%E6%9C%AC%E4%B8%8BJava%E6%96%87%E4%BB%B6%E7%B3%BB%E7%BB%9F00%E6%88%AA%E6%96%AD/index.md
有趣的XSS之Normalizehttps://github.com/Y4tacker/JavaSec/blob/main/1.%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/%E6%9C%89%E8%B6%A3%E7%9A%84XSS%E4%B9%8BNormalize/index.md
红队-java代码审计生命周期(带你简单了解审计)https://www.secpulse.com/archives/193771.html
https://patch-diff.githubusercontent.com/to016/JavaSec#2反序列化
Java反序列化之URLDNShttps://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8BURLDNS/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8BURLDNS.md
CommonsCollections1笔记https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsCollections1/CommonsCollections1.md
CommonsCollections2笔记https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsCollections2/CommonsCollections2.md
CommonsCollections3笔记https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsCollections3/CommonsCollections3.md
CommonsCollections5笔记https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsCollections5/CommonsCollections5.md
CommonsCollections6-HashSet笔记https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsCollections6-HashSet/CommonsCollections6-HashSet.md
CommonsCollections6-HashMap笔记https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsCollections6-HashMap/CommonsCollections6-HashMap.md
CommonsCollections6-Shiro1.2.4笔记https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsCollections6-Shiro1.2.4/CommonsCollections6-Shiro1.2.4.md
CommonsCollections7笔记https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsCollections7/CommonsCollections7.md
使用TemplatesImpl改造CommonsCollections2https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/%E4%BD%BF%E7%94%A8TemplatesImpl%E6%94%B9%E9%80%A0CommonsCollections2/%E4%BD%BF%E7%94%A8TemplatesImpl%E6%94%B9%E9%80%A0CommonsCollections2.md
CommonsBeanutils1笔记https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsBeanutils1/CommonsBeanutils1%E7%AC%94%E8%AE%B0.md
CommonsBeanutils1-Shiro(无CC依赖)https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsBeanutils1-Shiro(%E6%97%A0CC%E4%BE%9D%E8%B5%96)/CommonsBeanutils1-Shiro(%E6%97%A0CC%E4%BE%9D%E8%B5%96).md
FileUpload1-写文件\删除文件https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/FileUpload/index.md
C3P0利用链简单分析https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/C3P0/C3P0.md
C3P0Tomcat不出网利用(思路就是之前高版本JNDI注入的思路)http://www.yulegeyu.com/2021/10/10/JAVA%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8BC3P0%E4%B8%8D%E5%87%BA%E7%BD%91%E5%88%A9%E7%94%A8/
反制Ysoserial0.0.6版本-JRMP(打个标签weblogic搞定后看看)https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/%E5%8F%8D%E5%88%B6Ysoserial0.0.6%E7%89%88%E6%9C%AC-JRMP/%E5%8F%8D%E5%88%B6Ysoserial0.0.6%E7%89%88%E6%9C%AC-JRMP.md
网上看到的神秘套娃CommonsCollections11https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/CommonsCollections11/CommonsCollections11.md
SnakeYAML反序列化及可利用Gadgethttps://y4tacker.github.io/2022/02/08/year/2022/2/SnakeYAML%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%8F%8A%E5%8F%AF%E5%88%A9%E7%94%A8Gadget%E5%88%86%E6%9E%90/
SnakeYAML出网探测Gadget(自己瞎琢磨出来的,不过在1.7以下版本就不行)https://y4tacker.github.io/2022/02/08/year/2022/2/SnakeYAML%E5%AE%9E%E7%8E%B0Gadget%E6%8E%A2%E6%B5%8B/
XStream反序列化学习https://y4tacker.github.io/2022/02/10/year/2022/2/XStream%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96/
解决反序列化serialVesionUID不一致问题(BestMatch:打破双亲委派对jbxz用工具最方便)https://gv7.me/articles/2020/deserialization-of-serialvesionuid-conflicts-using-a-custom-classloader/
自己搞的把ROME利用链长度缩小4400-1320(Base64)https://y4tacker.github.io/2022/03/07/year/2022/3/ROME%E6%94%B9%E9%80%A0%E8%AE%A1%E5%88%92/
JDK7u21https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/JDK7u21/index.md
AspectJWeaver写文件https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/AspectJWeaver/AspectJWeaver.md
反序列化在渗透测试当中值得关注的点https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%9C%A8%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E5%BD%93%E4%B8%AD%E5%80%BC%E5%BE%97%E5%85%B3%E6%B3%A8%E7%9A%84%E7%82%B9/index.md
构造java探测class反序列化gadgethttps://mp.weixin.qq.com/s/KncxkSIZ7HVXZ0iNAX8xPA
对URLDNS探测class的补充(为什么本地明明没有这个类却有"DNS解析")https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/URLDNS%E6%8E%A2%E6%B5%8Bclass%E7%9A%84%E8%A1%A5%E5%85%85/index.md
https://patch-diff.githubusercontent.com/to016/JavaSec#3fastjsonjackson专区
Jackson的利用触发及小细节https://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Jackson%E7%9A%84%E5%88%A9%E7%94%A8%E8%A7%A6%E5%8F%91/index.md
Fastjson基本用法https://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Fastjson%E5%9F%BA%E6%9C%AC%E7%94%A8%E6%B3%95/Fastjson%E5%9F%BA%E6%9C%AC%E7%94%A8%E6%B3%95.md
Fastjson1.1.15-1.2.4与BCEL字节码加载https://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Fastjson1.1.15-1.2.4%E4%B8%8EBCEL%E5%AD%97%E8%8A%82%E7%A0%81%E5%8A%A0%E8%BD%BD/Fastjson1.1.15-1.2.4%E4%B8%8EBCEL%E5%AD%97%E8%8A%82%E7%A0%81%E5%8A%A0%E8%BD%BD.md
Fastjson1.22-1.24反序列化分析之JNDIhttps://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Fastjson1.22-1.24/Fastjson1.22-1.24%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%86%E6%9E%90%E4%B9%8BJNDI/Fastjson1.22-1.24.md
Fastjson1.22-1.24反序列化分析之TemplateImplhttps://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Fastjson1.22-1.24/Fastjson1.22-1.24%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%86%E6%9E%90%E4%B9%8BTemplateImpl/Fastjson1.22-1.24.md
Fastjson1.2.25-1.2.41补丁绕过(用L;绕过、需要开启autotype)https://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.41%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87/Fastjson1.2.25-1.2.41%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87.md
Fastjson1.2.25-1.2.42补丁绕过(双写L;绕过、需要开启autotype)https://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.42%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87/Fastjson1.2.25-1.2.42%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87.md
Fastjson1.2.25-1.2.43补丁绕过(用左中括号绕过、需要开启autotype)https://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.43%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87/Fastjson1.2.25-1.2.43%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87.md
Fastjson1.2.25-1.2.45补丁绕过(mybatis的3.x版本且<3.5.0、需要开启autotype)https://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.45%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87/Fastjson1.2.25-1.2.45%E8%A1%A5%E4%B8%81%E7%BB%95%E8%BF%87.md
Fastjson1.2.25-1.2.47绕过https://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/Bypass/Fastjson1.2.25-1.2.47%E7%BB%95%E8%BF%87%E6%97%A0%E9%9C%80AutoType/Fastjson1.2.25-1.2.47%E7%BB%95%E8%BF%87%E6%97%A0%E9%9C%80AutoType.md
Fastjson1.2.48-1.2.68反序列化漏洞https://www.anquanke.com/post/id/232774
Fastjson1.2.68不使用ref引用,不用parseObject触发get方法https://su18.org/post/fastjson-1.2.68/#getter-%E6%96%B9%E6%B3%95%E8%B0%83%E7%94%A8
关于blackhat2021披露的fastjson1.2.68链的一些细节,防止公众号以后找不到同目录下有备份https://mp.weixin.qq.com/s?__biz=MzUzNDMyNjI3Mg==&mid=2247484866&idx=1&sn=23fb7897f6e54cdf61031a65c602487d&scene=21#wechat_redirect
2021L3HCTF中关于Fastjson1.2.68的骚操作https://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/%E5%85%B6%E4%BB%96/L3HCTF%202021%20Official%20Write%20Up.pdf
一些有趣的Trickhttps://github.com/Y4tacker/JavaSec/blob/main/3.FastJson%E4%B8%93%E5%8C%BA/%E6%9C%89%E8%B6%A3Trick/FastJson%20Trick.md
fastjson低版本不出网利用(常规很简单的炒陈饭看看就行)https://mp.weixin.qq.com/s?__biz=MzAwNzk0NTkxNw==&mid=2247486057&idx=1&sn=6799b8b77f058247705beaa6995dcb82&chksm=9b7721bbac00a8adc3ca7b23590bcb7493fc93091eaf76efe4662b7d6f86068e38d20338c3c1&mpshare=1&scene=2&srcid=1109kLt9Pm0fZdiqQ8zbB0IX&sharer_sharetime=1667995572392&sharer_shareid=917ce1404b071ce27556675ad135266f#rd
https://patch-diff.githubusercontent.com/to016/JavaSec#4weblogic专区暂时不想看
T3协议学习https://github.com/Y4tacker/JavaSec/blob/main/4.Weblogic%E4%B8%93%E5%8C%BA/T3%E5%8D%8F%E8%AE%AE%E5%AD%A6%E4%B9%A0/T3%E5%8D%8F%E8%AE%AE%E5%AD%A6%E4%B9%A0.md
CVE-2015-4852复现分析https://github.com/Y4tacker/JavaSec/blob/main/4.Weblogic%E4%B8%93%E5%8C%BA/CVE-2015-4852%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/CVE-2015-4852%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90.md
Weblogic使用ClassLoader和RMI来回显命令执行结果https://xz.aliyun.com/t/7228
Weblogic SSRF Involving Deserialized JDBC Connectionhttps://pyn3rd.github.io/2022/06/18/Weblogic-SSRF-Involving-Deserialized-JDBC-Connection/
https://patch-diff.githubusercontent.com/to016/JavaSec#5内存马学习专区
Shell中的幽灵王者—JAVAWEB 内存马 【认知篇】https://mp.weixin.qq.com/s/NKq4BZ8fLK7bsGSK5UhoGQ
JavaWeb与Tomcat介绍https://github.com/Y4tacker/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Tomcat/Tomcat%E4%BB%8B%E7%BB%8D/Tomcat%E4%BB%8B%E7%BB%8D.md
Tomcat-Listener型内存马https://github.com/Y4tacker/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Tomcat/Tomcat-Listener%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC/Tomcat-Listener%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC.md
Tomcat-Filter型内存马https://github.com/Y4tacker/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Tomcat/Tomcat-Filter%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC/Tomcat-Filter%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC.md
Tomcat-Servlet型内存马https://github.com/Y4tacker/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Tomcat/Tomcat-Servlet%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC/Tomcat-Servlet%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC.md
Tomcat-Valve内存马https://mp.weixin.qq.com/s/x4pxmeqC1DvRi9AdxZ-0Lw
Tomcat-Upgrade内存马https://mp.weixin.qq.com/s/RuP8cfjUXnLVJezBBBqsYw
WebSocket代理内存马https://github.com/veo/wsMemShell
Executor内存马的实现https://mp.weixin.qq.com/s/uHxQf86zHJvg9frTbjdIdA
浅谈 Java Agent 内存马(网上看到大师傅写的很详细直接搬运工了)http://wjlshare.com/archives/1582
SpringBoot内存马学习-通过添加新路由https://github.com/Y4tacker/JavaSec/tree/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Spring/%E9%92%88%E5%AF%B9springboot%E7%9A%84controller%E5%86%85%E5%AD%98%E9%A9%AC
利用intercetor注入Spring内存马https://github.com/Y4tacker/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Spring/%E5%88%A9%E7%94%A8intercetor%E6%B3%A8%E5%85%A5Spring%E5%86%85%E5%AD%98%E9%A9%AC/index.md
Timer型内存马https://github.com/Y4tacker/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Tomcat/Timer%E5%9E%8B%E5%86%85%E5%AD%98%E9%A9%AC/index.md
看不见的Jsp-Webshell(有点像平时CTF里面php的不死马的效果)https://mp.weixin.qq.com/s/1ZiLD396088TxiW_dUOFsQ
看不见的 Jsp-WebShell 第二式增强之无痕https://mp.weixin.qq.com/s/7b3Fyu_K6ZRgKlp6RkdYoA
Spring cloud gateway通过SPEL注入内存马https://gv7.me/articles/2022/the-spring-cloud-gateway-inject-memshell-through-spel-expressions/
https://patch-diff.githubusercontent.com/to016/JavaSec#6javaagent学习专区
Java Instrument插桩技术初体验https://github.com/Y4tacker/JavaSec/blob/main/6.JavaAgent/JavaInstrument%E6%8F%92%E6%A1%A9%E6%8A%80%E6%9C%AF/JavaInstrument%E6%8F%92%E6%A1%A9%E6%8A%80%E6%9C%AF.md
PreMain之addTransformer与redefineClasses用法学习https://github.com/Y4tacker/JavaSec/blob/main/6.JavaAgent/PreMain%E4%B9%8BaddTransformer%E4%B8%8EredefineClasses%E7%94%A8%E6%B3%95%E5%AD%A6%E4%B9%A0/PreMain%E4%B9%8BaddTransformer%E4%B8%8EredefineClasses%E7%94%A8%E6%B3%95%E5%AD%A6%E4%B9%A0.md
AgentMain(JVM启动后动态Instrument)https://github.com/Y4tacker/JavaSec/blob/main/6.JavaAgent/AgentMain/AgentMain.md
通过JVMTI实现C/C++的JavaAgent交互https://luckymrwang.github.io/2020/12/28/%E7%A0%B4%E8%A7%A3-Java-Agent-%E6%8E%A2%E9%92%88%E9%BB%91%E7%A7%91%E6%8A%80/#JVMTIAgent
RaspLearninghttps://github.com/Y4tacker/RaspLearning
https://patch-diff.githubusercontent.com/to016/JavaSec#7struts2学习专区
Struts2简介与漏洞环境搭建https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA.md
S2-001学习(由于是第一篇我还是分析的比较详细,后面不会重复本篇里面的一些流程内容)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/s2-001%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/Struts2-001.md
S2-002学习(太鸡肋了感觉实战也比较难出现)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/S2-002%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/S2-002%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md
S2-003学习(比较有趣的一个洞很多小细节)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/s2-003%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/index.md
S2-005学习(通过Ognl将上下文_memberAccess中的acceptProperties设为空绕过)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/s2-005%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/index.md
S2-007学习(字符串拼接导致OGNL解析)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/S2-007%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/index.md
S2-008学习(很鸡肋,稍微有点用的有开启devMode解析任意Ognl)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/S2-008%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/index.md
S2-015学习(静态方法受限制以及没有setAllowStaticMethodAccess后如何绕过)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/S2-015%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/index.md
S2-032学习(清空_memberAccess当中excludedXXX限制通过构造函数调用/使用DefaultMemberAccess覆盖SecurityMemberAccess绕过限制)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/S2-032%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/index.md
S2-045学习(通过container获取全局共享的OgnlUtil实例来清除SecurityMemberAccess当中属性的限制)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/S2-045%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/index.md
S2-057学习(突破#context被删除限制,从attr作用域获取context对象)https://github.com/Y4tacker/JavaSec/blob/main/7.Struts2%E4%B8%93%E5%8C%BA/S2-057%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/index.md
https://patch-diff.githubusercontent.com/to016/JavaSec#8关于tomcat的一些小研究
JSTL的可利用点https://github.com/Y4tacker/JavaSec/blob/main/8.%E5%85%B3%E4%BA%8ETomcat%E7%9A%84%E4%B8%80%E4%BA%9B%E5%88%86%E4%BA%AB/JSTL%E7%9A%84%E5%8F%AF%E5%88%A9%E7%94%A8%E7%82%B9/index.md
一次jsp的奇异探索https://github.com/Y4tacker/JavaSec/blob/main/8.%E5%85%B3%E4%BA%8ETomcat%E7%9A%84%E4%B8%80%E4%BA%9B%E5%88%86%E4%BA%AB/%E4%B8%80%E6%AC%A1jsp%E7%9A%84%E5%A5%87%E5%BC%82%E6%8E%A2%E7%B4%A2/1.md
Tomcat写文件新利用思路https://github.com/Y4tacker/JavaSec/blob/main/8.%E5%85%B3%E4%BA%8ETomcat%E7%9A%84%E4%B8%80%E4%BA%9B%E5%88%86%E4%BA%AB/Tomcat%E5%86%99%E6%96%87%E4%BB%B6%E6%96%B0%E5%88%A9%E7%94%A8%E6%80%9D%E8%B7%AF/DC.md
两个关于Tomcat的问题https://github.com/Y4tacker/JavaSec/blob/main/8.%E5%85%B3%E4%BA%8ETomcat%E7%9A%84%E4%B8%80%E4%BA%9B%E5%88%86%E4%BA%AB/%E4%B8%A4%E4%B8%AA%E5%85%B3%E4%BA%8ETomcat%E7%9A%84%E9%97%AE%E9%A2%98/1.md
Java文件上传大杀器-绕waf(针对commons-fileupload组件)https://github.com/Y4tacker/JavaSec/blob/main/8.%E5%85%B3%E4%BA%8ETomcat%E7%9A%84%E4%B8%80%E4%BA%9B%E5%88%86%E4%BA%AB/Common-fileupload%E7%BB%84%E4%BB%B6%E7%BB%95%E8%BF%87/Java%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E5%A4%A7%E6%9D%80%E5%99%A8-%E7%BB%95waf(%E9%92%88%E5%AF%B9commons-fileupload%E7%BB%84%E4%BB%B6).md
探寻Tomcat文件上传流量层面绕waf新姿势https://y4tacker.github.io/2022/06/19/year/2022/6/%E6%8E%A2%E5%AF%BBTomcat%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%B5%81%E9%87%8F%E5%B1%82%E9%9D%A2%E7%BB%95waf%E6%96%B0%E5%A7%BF%E5%8A%BF/
https://patch-diff.githubusercontent.com/to016/JavaSec#9jdbc-attack
探索高版本 JDK 下 JNDI 漏洞的利用方法https://tttang.com/archive/1405/
MySQL-JDBC-反序列化漏洞https://github.com/Y4tacker/JavaSec/blob/main/2.%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B8%93%E5%8C%BA/MySQL-JDBC-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/MySQL%20JDBC-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md
MySQL JDBC 客户端反序列化漏洞分析https://www.anquanke.com/post/id/203086
对fnmsd关于detectCustomCollations触发点的版本纠正https://xz.aliyun.com/t/10923
H2-RCEhttps://github.com/Y4tacker/JavaSec/blob/main/9.JDBC%20Attack/h2/index.md
ModeShape-JNDIhttps://github.com/Y4tacker/JavaSec/blob/main/9.JDBC%20Attack/ModeShape/index.md
IBM DB2-JNDIhttps://github.com/Y4tacker/JavaSec/blob/main/9.JDBC%20Attack/IBM-DB2/index.md
Apache Derby可触发反序列化https://github.com/Y4tacker/JavaSec/blob/main/9.JDBC%20Attack/Apache-Derby/index.md
SQLite SSRFhttps://github.com/Y4tacker/JavaSec/blob/main/9.JDBC%20Attack/SQLite/index.md
PostgreSQL-RCE(敌不动我不动,你先发poc我放心)https://github.com/Y4tacker/JavaSec/blob/main/9.JDBC%20Attack/PostGreSQL/index.md
Make JDBC Attacks Brilliant Again 番外篇(作为上面Postgresql的拓展)https://tttang.com/archive/1462/
Hive-RCEhttps://github.com/Y4tacker/hue-hive-rce
https://patch-diff.githubusercontent.com/to016/JavaSec#10关于jndi的整理
Java RMI 攻击由浅入深(深入源码,师傅写的很好)https://su18.org/post/rmi-attack/
如何绕过高版本 JDK 的限制进行 JNDI 注入利用https://paper.seebug.org/942/#classreference-factory
高低版JDK下的JNDI注入绕过流程跟踪(Jdk8u191+)https://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/%E9%AB%98%E4%BD%8E%E7%89%88JDK%E4%B8%8B%E7%9A%84JNDI%E6%B3%A8%E5%85%A5%E7%BB%95%E8%BF%87%E6%B5%81%E7%A8%8B%E8%B7%9F%E8%B8%AA/%E9%AB%98%E4%BD%8E%E7%89%88JDK%E4%B8%8B%E7%9A%84JNDI%E6%B3%A8%E5%85%A5%E7%BB%95%E8%BF%87%E6%B5%81%E7%A8%8B%E8%B7%9F%E8%B8%AA.md
探索高版本 JDK 下 JNDI 漏洞的利用方法https://tttang.com/archive/1405/
JNDI jdk高版本绕过—— Druidhttps://xz.aliyun.com/t/10656
https://patch-diff.githubusercontent.com/to016/JavaSec#11spring
SpirngBoot下结合Tomcat实现无OOB方式下的回显https://github.com/Y4tacker/JavaSec/blob/main/5.%E5%86%85%E5%AD%98%E9%A9%AC%E5%AD%A6%E4%B9%A0/Spring/springboot-tomcat%E5%9B%9E%E6%98%BE/index.md
低版本SpringBoot-SpEL表达式注入漏洞复现分析https://y4tacker.github.io/2022/02/07/year/2022/2/%E4%BD%8E%E7%89%88%E6%9C%ACSpringBoot-SpEL%E8%A1%A8%E8%BE%BE%E5%BC%8F%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/
SpringCloud-SnakeYAML-RCE(高版本不可用)https://y4tacker.github.io/2022/02/08/year/2022/2/SpringCloud-SnakeYAML-RCE/
Spring Boot Vulnerability Exploit Check Listhttps://github.com/LandGrey/SpringBootVulExploit
SSRF to Rce with Jolokia and Mbeanshttps://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/SSRF%20to%20RCE%20with%20Jolokia%20and%20MBeans%20%E2%80%A2%20Think%20Love%20Share.pdf
CVE-2022-22947 SpringCloudGateWay 远程代码执行https://github.com/Y4tacker/JavaSec/blob/main/11.Spring/CVE-2022-22947%20SpringCloudGateWay%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/index.md
Spring Cloud Function-SPEL(利用面不大)https://hosch3n.github.io/2022/03/26/SpringCloudFunction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
SpringMVC框架任意代码执行漏洞(CVE-2010-1622)分析http://rui0.cn/archives/1158
Spring Beans RCE分析(CVE-2022-22965)(我还是喜欢叫Spring4shell,自己懒得写了,这篇还可以,稍微注意下AccessLogValve这个类WBS)https://xz.aliyun.com/t/11129
Spring Data MongoDB SpEL表达式注入(CVE-2022-22980)(能看但是有些逻辑还是讲得很混乱总体而已还是好的作为参考即可)https://xz.aliyun.com/t/11484
SpringBoot全局注册Filter过滤XSShttps://github.com/Y4tacker/JavaSec/blob/main/11.Spring/SpringBoot%E5%85%A8%E5%B1%80%E6%B3%A8%E5%86%8CFilter%E8%BF%87%E6%BB%A4XSS/index.md
https://patch-diff.githubusercontent.com/to016/JavaSec#12shiro
Shiro另类检测方式http://www.lmxspace.com/2020/08/24/%E4%B8%80%E7%A7%8D%E5%8F%A6%E7%B1%BB%E7%9A%84shiro%E6%A3%80%E6%B5%8B%E6%96%B9%E5%BC%8F/
浅谈Shiro执行任意反序列化gadget的方案https://github.com/Y4tacker/JavaSec/blob/main/12.Shiro/%E6%B5%85%E8%B0%88Shiro%E6%89%A7%E8%A1%8C%E4%BB%BB%E6%84%8F%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96gadget%E7%9A%84%E6%96%B9%E6%A1%88/index.md
CVE-2010-3863权限绕过(通过/./admin绕过/admin,/abc/../admin)https://github.com/Y4tacker/JavaSec/blob/main/12.Shiro/CVE-2010-3863%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87/index.md
CVE-2016-6802权限绕过(通过/abc/../y4tacker/admin绕过)https://github.com/Y4tacker/JavaSec/blob/main/12.Shiro/CVE-2016-6802%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87/index.md
Shiro550-TemplatesImpl(CC6-Shiro)https://github.com/phith0n/JavaThings/blob/master/shiroattack/src/main/java/com/govuln/shiroattack/CommonsCollectionsShiro.java
CommonsBeanutils与无 commons-collections的Shiro反序列化利用https://github.com/phith0n/JavaThings/blob/master/shiroattack/src/main/java/com/govuln/shiroattack/CommonsBeanutils1Shiro.java
另类的shiro检验key的检测方式http://www.lmxspace.com/2020/08/24/%E4%B8%80%E7%A7%8D%E5%8F%A6%E7%B1%BB%E7%9A%84shiro%E6%A3%80%E6%B5%8B%E6%96%B9%E5%BC%8F/
shiro反序列化漏洞攻击拓展面--修改keyhttps://tttang.com/archive/1457/
Tomcat-Header长度受限突破shiro回显https://github.com/Y4tacker/JavaSec/blob/main/12.Shiro/Tomcat-Header%E9%95%BF%E5%BA%A6%E5%8F%97%E9%99%90%E7%AA%81%E7%A0%B4shiro%E5%9B%9E%E6%98%BE/index.md
Spring下Shiro<1.5.0权限绕过(/unauthorize/)https://github.com/Y4tacker/JavaSec/blob/main/12.Shiro/SHIRO682/index.md
CVE-2020-13933特殊场景权限绕过(通过/unauthorize/%3b)https://github.com/Y4tacker/JavaSec/blob/main/12.Shiro/CVE-2020-13933%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87/index.md
SpringBoot2.3.0下Shiro<=1.5.1权限绕过(通过/aa;/%2e%2e/unauthorize绕过对/unauthorize拦截,当然也可以不用目录穿越/;y4tacker/unauthorize也可以)https://github.com/Y4tacker/JavaSec/tree/main/11.Spring/SpringBoot2.3.0%E4%B8%8BShiro%3C%3D1.5.1%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87
Spring-Shiro1.5.2 Bypass(通过/unauthorize/a%252Fa绕过对/unauthorize/*的权限限制)https://github.com/Y4tacker/JavaSec/blob/main/12.Shiro/Spring-Shiro1.5.2%20Bypass/index.md
https://patch-diff.githubusercontent.com/to016/JavaSec#13回显相关技术学习
通杀漏洞利用回显方法-linux平台https://www.00theway.org/2020/01/17/java-god-s-eye/
linux下java反序列化通杀回显方法的低配版实现https://xz.aliyun.com/t/7307
Tomcat中一种半通用回显方法https://xz.aliyun.com/t/7348
https://patch-diff.githubusercontent.com/to016/JavaSec#14-jspwebshell
JSP-Webshells集合(三梦的总结挺全面的利用点)https://github.com/threedr3am/JSP-Webshells
JspWebShell新姿势解读https://y4tacker.github.io/2022/05/16/year/2022/5/JspWebShell%E6%96%B0%E5%A7%BF%E5%8A%BF%E8%A7%A3%E8%AF%BB/
jsp新webshell的探索之旅https://y4tacker.github.io/2022/02/03/year/2022/2/jsp%E6%96%B0webshell%E7%9A%84%E6%8E%A2%E7%B4%A2%E4%B9%8B%E6%97%85/
JspWebshell编码混淆篇(unicode和html实体编码那些就懒得写了技术性不强)https://y4tacker.github.io/2022/11/27/year/2022/11/%E6%B5%85%E8%B0%88JspWebshell%E4%B9%8B%E7%BC%96%E7%A0%81/
https://patch-diff.githubusercontent.com/to016/JavaSec#15waf
Java文件上传大杀器-绕waf(针对commons-fileupload组件)https://y4tacker.github.io/2022/02/25/year/2022/2/Java%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E5%A4%A7%E6%9D%80%E5%99%A8-%E7%BB%95waf(%E9%92%88%E5%AF%B9commons-fileupload%E7%BB%84%E4%BB%B6)/
探寻Java文件上传流量层面waf绕过姿势系列一https://y4tacker.github.io/2022/06/19/year/2022/6/%E6%8E%A2%E5%AF%BBTomcat%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%B5%81%E9%87%8F%E5%B1%82%E9%9D%A2%E7%BB%95waf%E6%96%B0%E5%A7%BF%E5%8A%BF/
探寻Java文件上传流量层面waf绕过姿势系列二https://y4tacker.github.io/2022/06/21/year/2022/6/%E6%8E%A2%E5%AF%BBJava%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%B5%81%E9%87%8F%E5%B1%82%E9%9D%A2waf%E7%BB%95%E8%BF%87%E5%A7%BF%E5%8A%BF%E7%B3%BB%E5%88%97%E4%BA%8C/
Java反序列化数据绕WAF之加大量脏数据 | 回忆飘如雪 (gv7.me)https://gv7.me/articles/2021/java-deserialize-data-bypass-waf-by-adding-a-lot-of-dirty-data/
Java反序列化脏数据新姿势-对大师傅的姿势补充(个人的小研究)https://y4tacker.github.io/2022/02/05/year/2022/2/%E5%AF%B9Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%95%B0%E6%8D%AE%E7%BB%95WAF%E6%96%B0%E5%A7%BF%E5%8A%BF%E7%9A%84%E8%A1%A5%E5%85%85/
Fastjson词法引擎绕wafhttps://y4tacker.github.io/2022/03/30/year/2022/3/%E6%B5%85%E8%B0%88Fastjson%E7%BB%95waf/
RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypasshttps://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/
https://patch-diff.githubusercontent.com/to016/JavaSec#16漏洞复现
Apache Commons Configuration 远程代码执行(虽然是配置文件RCE但也有学习意义)https://xz.aliyun.com/t/11527
Apache Spark shell command injection vulnerability via Spark UI(之前很早前在我的各个知识星球分享了)https://github.com/Y4tacker/JavaSec/blob/main/16.%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/CVE-2022-33891/index.md
Apache Commons JXPath 远程代码执行https://github.com/Y4tacker/JavaSec/blob/main/16.%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/CVE-2022-41852/index.md
Apache Commons Text 远程代码执行https://github.com/Y4tacker/JavaSec/blob/main/16.%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/CVE-2022-42889/index.md
https://patch-diff.githubusercontent.com/to016/JavaSec#17模板引擎相关
velocity 模板注入https://www.cnblogs.com/nice0e3/p/16218857.html
freemarker 模板注入https://www.cnblogs.com/nice0e3/p/16217471.html
pebble模板注入https://github.com/Y4tacker/JavaSec/blob/main/%E6%AF%94%E8%B5%9B%E5%8F%8D%E6%80%9D/2022/8/uiuctf-pebble/index.md
thymeleaf模板注入https://xz.aliyun.com/t/10514
国产Jfinal用的Enjoy模板引擎主要研究不出网利用https://y4tacker.github.io/2022/04/14/year/2022/4/Enjoy%E6%A8%A1%E6%9D%BF%E5%BC%95%E6%93%8E%E5%88%86%E6%9E%90/
https://patch-diff.githubusercontent.com/to016/JavaSec#18各框架对uri处理的特性及trick
Tomcat URL解析差异性导致的安全问题(网上看到的主要关注HttpServletRequest中几个解析URL的函数这个问题)https://xz.aliyun.com/t/7544
Tomcat中url解析特性https://github.com/Y4tacker/JavaSec/blob/main/8.%E5%85%B3%E4%BA%8ETomcat%E7%9A%84%E4%B8%80%E4%BA%9B%E5%88%86%E4%BA%AB/Tomcat%E4%B8%ADurl%E8%A7%A3%E6%9E%90%E7%89%B9%E6%80%A7/index.md
SpringBoot2.3.0以下路由%2e跨目录处理(可用于权限绕过)https://github.com/Y4tacker/JavaSec/blob/main/11.Spring/SpringBoot2.3.0%E4%BB%A5%E4%B8%8B%E8%B7%AF%E7%94%B1%252e%E8%B7%A8%E7%9B%AE%E5%BD%95%E5%A4%84%E7%90%86(%E5%8F%AF%E7%94%A8%E4%BA%8E%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87)/index.md
https://patch-diff.githubusercontent.com/to016/JavaSec#19hacking-fernflower-decompiler准备上议题后放
https://patch-diff.githubusercontent.com/to016/JavaSec#20asm与jvm学习
JAVA虚拟机执行模型(关注引入了栈映射帧,用于加快虚拟机中类验证过程的速度)https://www.cnblogs.com/coding-way/p/6600647.html
What is a stack map framehttps://stackoverflow.com/questions/25109942/what-is-a-stack-map-frame
为什么JVM需要DUP指令https://www.cnblogs.com/clayjj/p/7698035.html
https://patch-diff.githubusercontent.com/to016/JavaSec#其他分享
JMX RMI攻击利用https://github.com/k1n9/k1n9.github.io/blob/aeeb609fe6a25d67bc2dc5f990a501368fb25409/_posts/2017-08-24-attack-jmx-rmi.md
一次从jmx到rcehttps://mp.weixin.qq.com/s?__biz=MzIwMzIyMjYzNA==&mid=2247506824&idx=1&sn=1bff6060290c0fdb7fe059cff2c61153&chksm=96d0208da1a7a99b6e61c8e3c332d324c0296bbccf1163cb8a10760e57cd17e150cb23a0e36a&mpshare=1&scene=1&srcid=1220PA2K5MY7dM3gWTr06z4r&sharer_sharetime=1671532238935&sharer_shareid=19374164c9d8647c6159e09a97bb1208#rd
tomcat-jmxproxy-rce-exp(挺骚的感觉留个后门啥的不错)https://xz.aliyun.com/t/11450
GadgetInspector源码分析https://y4tacker.github.io/2022/05/09/year/2022/5/GadgetInspector%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90/
CVE-2021-2471 JDBC-XXE漏洞分析https://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/CVE-2021-2471%20JDBC-XXE%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/CVE-2021-2471%20JDBC-XXE%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md
spring-messaging 远程代码执行漏洞分析https://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/spring-messaging%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/spring-messaging%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md
CVE-2020-9484 Tomcat-RCE漏洞分析报告(备注:三梦师傅的文章,提升了我对Tomcat配置的了解)https://threedr3am.github.io/2020/06/12/CVE-2020-9484%20Tomcat-RCE%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E6%8A%A5%E5%91%8A/
Java “后反序列化漏洞” 利用思路https://paper.seebug.org/1133/
关于Servlet的线程安全问题https://y4tacker.github.io/2022/02/03/year/2022/2/Servlet%E7%9A%84%E7%BA%BF%E7%A8%8B%E5%AE%89%E5%85%A8%E9%97%AE%E9%A2%98/
BypassSMhttps://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/BypassSM/bypasssm.md
Log4j2-RCE分析http://blog.gm7.org/%E4%B8%AA%E4%BA%BA%E7%9F%A5%E8%AF%86%E5%BA%93/02.%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/01.Java%E5%AE%89%E5%85%A8/03.%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/06.log4j2_rce%E5%88%86%E6%9E%90.html#%E5%A4%8D%E7%8E%B0
Spring Boot FatJar任意写目录漏洞导致Getshellhttps://www.cnblogs.com/wh4am1/p/14681335.html
利用TemplatesImpl执行字节码https://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/%E5%88%A9%E7%94%A8TemplatesImpl%E6%89%A7%E8%A1%8C%E5%AD%97%E8%8A%82%E7%A0%81/%E5%88%A9%E7%94%A8TemplatesImpl%E6%89%A7%E8%A1%8C%E5%AD%97%E8%8A%82%E7%A0%81.md
为什么补丁都喜欢打在resolveClasshttps://github.com/Y4tacker/JavaSec/blob/main/4.Weblogic%E4%B8%93%E5%8C%BA/%E4%B8%BA%E4%BB%80%E4%B9%88%E8%A1%A5%E4%B8%81%E5%96%9C%E6%AC%A2%E6%89%93%E5%9C%A8resolveClass/%E4%B8%BA%E4%BB%80%E4%B9%88%E8%A1%A5%E4%B8%81%E5%96%9C%E6%AC%A2%E6%89%93%E5%9C%A8resolveClass.md
Java沙箱绕过https://www.anquanke.com/post/id/151398
一种普遍存在于java系统的缺陷 - Memory DoShttps://threedr3am.github.io/2021/11/18/%E4%B8%80%E7%A7%8D%E6%99%AE%E9%81%8D%E5%AD%98%E5%9C%A8%E4%BA%8Ejava%E7%B3%BB%E7%BB%9F%E7%9A%84%E7%BC%BA%E9%99%B7-Memory%20DoS/#more
如何关闭百度的Rasphttps://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/%E5%85%B3%E9%97%AD%E7%99%BE%E5%BA%A6%E7%9A%84Rasp/index.md
漫谈 JEP 290https://paper.seebug.org/1689/#_1
Java Web —— 从内存中Dump JDBC数据库明文密码(还挺好玩的)https://mp.weixin.qq.com/s/QCfqO2BJuhSOr58rldZzxA
普通EL表达式命令回显的简单研究https://forum.butian.net/share/886
如何带依赖打包Jarhttps://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/Maven/index.md
一些Java二次反序列化的点(持续收集)https://github.com/Y4tacker/JavaSec/blob/main/%E5%85%B6%E4%BB%96/Java%E4%BA%8C%E6%AC%A1%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96/Java%E8%A7%A6%E5%8F%91%E4%BA%8C%E6%AC%A1%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E7%9A%84%E7%82%B9.md
自己写的OpenRasp分析https://y4tacker.github.io/2022/05/28/year/2022/5/OpenRasp%E5%88%86%E6%9E%90/
Apache Unomi 表达式注入攻防https://github.com/1135/unomi_exploit
JEXL3表达式注入https://xz.aliyun.com/t/8099
利用JVMTI实现JAR包加密(还没看很牛逼就是了)https://mp.weixin.qq.com/s/jH8TNvY8bAu0m2kQBvpQyg
安全同学讲Maven重打包的故事https://mp.weixin.qq.com/s?__biz=MzIzOTU0NTQ0MA==&mid=2247510513&idx=1&sn=fbcd84ba56d0c04dbd28b42f10f3bfb1&chksm=e92a94fede5d1de8e8301f8efb9db5e3f1a4fc14a5e29be541668d706a77141bbbd8d63db1ac&mpshare=1&scene=1&srcid=1025aCfF1bF9RgdhX85sgkj3&sharer_sharetime=1666696525299&sharer_shareid=4a549281c7d8f067d766da5aff57a064#rd
某软件监控页面RCE漏洞分析(虽然过于简单,但是可以借此了解下OA系统)https://xz.aliyun.com/t/11778
https://patch-diff.githubusercontent.com/to016/JavaSec#比赛反思
Codegate2022(关键词:绕过开头file协议读文件、xpath注入读系统配置)https://github.com/Y4tacker/JavaSec/blob/main/%E6%AF%94%E8%B5%9B%E5%8F%8D%E6%80%9D/2022/3/Codegate2022/index.md
SUSCTF2022(关键词:绕rasp、fastjson、xxe)https://github.com/Y4tacker/JavaSec/tree/main/%E6%AF%94%E8%B5%9B%E5%8F%8D%E6%80%9D/2022/3/SUSCTF2022
D^3CTF2022(关键词:ROME链缩短、Mybatis与Ognl)https://y4tacker.github.io/2022/03/07/year/2022/3/ROME%E6%94%B9%E9%80%A0%E8%AE%A1%E5%88%92/
虎符CTF2022(关键词:Hessian反序列化、Rome二次反序列化、java.security.SignedObject#getObject、UnixPrintService命令执行、Tabby)https://y4tacker.github.io/2022/03/21/year/2022/3/2022%E8%99%8E%E7%AC%A6CTF-Java%E9%83%A8%E5%88%86/
MRCTF2022(关键词:Kryo反序列化、Rome二次反序列化、内存马、Bypass SerialKiller黑名单-找替代类)https://y4tacker.github.io/2022/04/24/year/2022/4/2022MRCTF-Java%E9%83%A8%E5%88%86/
GoogleCTF2022(关键词:Log4j2、Bundle、ReDoS)https://github.com/Y4tacker/JavaSec/blob/main/%E6%AF%94%E8%B5%9B%E5%8F%8D%E6%80%9D/2022/3/2022GooGleCTF/index.md
UIUCTF2022-Spoink(关键词:Pebble最新模板注入Bypass、Spring中无路由上传文件处理)https://github.com/Y4tacker/JavaSec/blob/main/%E6%AF%94%E8%B5%9B%E5%8F%8D%E6%80%9D/2022/8/uiuctf-pebble/index.md
TetCTF2023&Liferay(CVE-2019-16891)(Pre-Auth RCE)https://y4tacker.github.io/2023/01/03/year/2023/TetCTF2023-Liferay-CVE-2019-16891-Pre-Auth-RCE/
https://patch-diff.githubusercontent.com/to016/JavaSec#环境
如何远程调试Weblogichttps://github.com/QAX-A-Team/WeblogicEnvironment
使用idea进行tomcat源码调试https://zhuanlan.zhihu.com/p/35454131
https://patch-diff.githubusercontent.com/to016/JavaSec#todolist
Dubbo学习之后开启https://xz.aliyun.com/t/10916
无文件落地Agent型内存马植入(Java内存攻击技术漫谈-Rebyond)https://xz.aliyun.com/t/10075#toc-5
https://patch-diff.githubusercontent.com/to016/JavaSec#注意事项
https://patch-diff.githubusercontent.com/to016/JavaSec#优质博客
Y4tacker(自己的能不写吗)https://y4tacker.github.io/
三梦https://threedr3am.github.io/
su18https://su18.org/
landgreyhttps://landgrey.me/
回忆飘如雪https://gv7.me/
https://patch-diff.githubusercontent.com/to016/JavaSec#更多
https://camo.githubusercontent.com/4e4537a30f8d299eb40d402d7ab26a1de318d21e299b95017737793c225c79e6/68747470733a2f2f6170692e737461722d686973746f72792e636f6d2f7376673f7265706f733d59347461636b65722f4a61766153656326747970653d54696d656c696e65
Readme https://patch-diff.githubusercontent.com/to016/JavaSec#readme-ov-file
Apache-2.0 license https://patch-diff.githubusercontent.com/to016/JavaSec#Apache-2.0-1-ov-file
Please reload this pagehttps://patch-diff.githubusercontent.com/to016/JavaSec
Activityhttps://patch-diff.githubusercontent.com/to016/JavaSec/activity
1 starhttps://patch-diff.githubusercontent.com/to016/JavaSec/stargazers
0 watchinghttps://patch-diff.githubusercontent.com/to016/JavaSec/watchers
3 forkshttps://patch-diff.githubusercontent.com/to016/JavaSec/forks
Report repository https://patch-diff.githubusercontent.com/contact/report-content?content_url=https%3A%2F%2Fgithub.com%2Fto016%2FJavaSec&report=to016+%28user%29
Releaseshttps://patch-diff.githubusercontent.com/to016/JavaSec/releases
Packages 0https://patch-diff.githubusercontent.com/users/to016/packages?repo_name=JavaSec
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.