René's URL Explorer Experiment

Title: java代码审计文章集合 - 水泡泡 - 博客园

Description: 0x00 前言 java代码审计相关文章整理，持续更新。 0x01 java环境基础搭建Java Web开发环境配置IDEA编辑器开发java web，从0创建项目 IDEA动态调试 IDEA配置tomcat maven配置和IDEA创建maven项目 IDEA如何导入eclipse项

Open Graph Description: 0x00 前言 java代码审计相关文章整理，持续更新。 0x01 java环境基础搭建Java Web开发环境配置IDEA编辑器开发java web，从0创建项目 IDEA动态调试 IDEA配置tomcat maven配置和IDEA创建maven项目 IDEA如何导入eclipse项

Keywords:

java代码审计
java

direct link

Domain: www.cnblogs.com

Hey, it has json ld scripts:

    {
      "@context": "https://schema.org",
      "@type": "BlogPosting",
      "@id": "https://www.cnblogs.com/r00tuser/p/10577571.html",
      "headline": "java代码审计文章集合",
      "description": "0x00 前言 java代码审计相关文章整理，持续更新。 0x01\u0026#160;java环境基础 搭建Java Web开发环境 配置IDEA编辑器开发java web，从0创建项目 IDEA动态调试 IDEA配置tomcat maven配置和IDEA创建maven项目 IDEA如何导入eclipse项目 jav",
      "image": [
        
      ],
      "author": {
        "@type": "Person",
        "@id": "https://www.cnblogs.com/r00tuser/",
        "name": "水泡泡",
        "url": "https://www.cnblogs.com/r00tuser/"
      },
      "publisher": {
        "@type": "Organization",
        "@id": "https://www.cnblogs.com/",
        "name": "博客园",
        "url": "https://www.cnblogs.com/"
      },
      "datePublished": "2019-03-22T12:58:00.0000000+08:00",
      "dateModified": "2019-08-26T10:55:00.0000000+08:00",
      "wordCount": "11425",
      "isPartOf": {
        "@type": "Blog",
        "@id": "https://www.cnblogs.com/r00tuser/",
        "name": "水泡泡(kking)",
        "publisher": {
          "@type": "Organization",
          "@id": "https://www.cnblogs.com/",
          "name": "博客园"
        }
      }
    }

referrer	origin-when-cross-origin
og:image	https://assets.cnblogs.com/images/wechat-share.jpg
None	IE=edge

Links:

	https://www.doubao.com?channel=cnblogs&source=hw_db_cnblogs&type=lunt&theme=bianc
	https://www.cnblogs.com/
会员	https://cnblogs.vip/
周边	https://cnblogs.vip/store
新闻	https://news.cnblogs.com/
博问	https://q.cnblogs.com/
闪存	https://ing.cnblogs.com/
众包	https://www.cnblogs.com/cmt/p/18500368
赞助商	https://www.cnblogs.com/cmt/p/19316348
Chat2DB	https://chat2db-ai.com/
	https://i.cnblogs.com/EditPosts.aspx?opt=1
	https://www.cnblogs.com/my
	https://msg.cnblogs.com/
	javascript:void(0)
	https://home.cnblogs.com/
我的博客	https://www.cnblogs.com/my
我的园子	https://home.cnblogs.com/
账号设置	https://account.cnblogs.com/settings/account
会员中心	https://vip.cnblogs.com/my
简洁模式 ...	javascript:void(0)
退出登录	javascript:void(0)
注册	https://account.cnblogs.com/signup
登录	javascript:void(0);
	https://www.cnblogs.com/r00tuser/
水泡泡(kking)	https://www.cnblogs.com/r00tuser
博客园	https://www.cnblogs.com/
首页	https://www.cnblogs.com/r00tuser/
新随笔	https://i.cnblogs.com/EditPosts.aspx?opt=1
联系	https://msg.cnblogs.com/send/%E6%B0%B4%E6%B3%A1%E6%B3%A1
订阅	javascript:void(0)
管理	https://i.cnblogs.com/
java代码审计文章集合	https://www.cnblogs.com/r00tuser/p/10577571.html
搭建Java Web开发环境	https://www.cnblogs.com/wmyskxz/p/8798691.html
配置IDEA编辑器开发java web，从0创建项目	https://www.cnblogs.com/javabg/p/7976977.html
IDEA动态调试	https://blog.csdn.net/britainwei/article/details/51367963
	https://blog.csdn.net/britainwei/article/details/51367963)(
IDEA配置tomcat	https://blog.csdn.net/huo920/article/details/78307797
maven配置和IDEA创建maven项目	https://blog.csdn.net/qq_35437792/article/details/80631434
IDEA如何导入eclipse项目	https://www.cnblogs.com/lindp/p/4484390.html
	https://www.cnblogs.com/lindp/p/4484390.html）
java基础环境配置，来自漏洞社区	https://mp.weixin.qq.com/s/X0FeRl_lH3pqzM5bia3Npg
菜鸟教程	http://www.runoob.com/java/java-tutorial.html
理解java的三大特性之封装	https://www.cnblogs.com/chenssy/p/3351835.html
理解java的三大特性之继承	https://www.cnblogs.com/chenssy/p/3354884.html
理解java的三大特性之多态	https://www.cnblogs.com/chenssy/p/3372798.html
攻击JavaWeb应用1-9[JavaWeb安全系列]	https://www.cnblogs.com/r00tuser/p/攻击JavaWeb应用1-9[JavaWeb安全系列]
凌天实验室的代码审计系列（1-3）	https://www.sec-wiki.com/news/search?wd=Java+Web%E5%AE%89%E5%85%A8-%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1
java代码审计手书[1-4]	https://xz.aliyun.com/search?keyword=java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E6%89%8B%E4%B9%A6
Java_JSON反序列化之殇_看雪安全开发者峰会	https://github.com/shengqi158/fastjson-remote-code-execute-poc/blob/master/Java_JSON%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8B%E6%AE%87_%E7%9C%8B%E9%9B%AA%E5%AE%89%E5%85%A8%E5%BC%80%E5%8F%91%E8%80%85%E5%B3%B0%E4%BC%9A.pdf
从反射链的构造看Java反序列漏洞	http://www.freebuf.com/news/150872.html
Java反序列化漏洞从理解到实践	http://bobao.360.cn/learning/detail/4474.html
Java 序列化与反序列化安全分析	http://mp.weixin.qq.com/s?__biz=MzI5ODE0ODA5MQ==&mid=2652278247&idx=1&sn=044893b732e4ffa267b00ffe1d9e4727&chksm=f7486473c03fed6525f0a869cbc4ddc03051cda92bb946377c4d831054954159542350768cf3&mpshare=1&scene=23&srcid=0919MUXFBglgDUEtLOha0wbo#rd
Java-Deserialization-Cheat-Sheet	https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
如何攻击Java反序列化过程	http://bobao.360.cn/learning/detail/4267.html
深入理解JAVA反序列化漏洞	https://www.vulbox.com/knowledge/detail/?id=11
Attacking Java Deserialization	https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
jackson反序列化详细分析	http://bobao.360.cn/learning/detail/4118.html
Java安全之反序列化漏洞分析	https://mp.weixin.qq.com/s?__biz=MzIzMzgxOTQ5NA==&mid=2247484200&idx=1&sn=8f3201f44e6374d65589d00d91f7148e
fastjson 反序列化漏洞 POC 分析	https://mp.weixin.qq.com/s/0a5krhX-V_yCkz-zDN5kGg
Apache Commons Collections反序列化漏洞学习	http://pirogue.org/2017/12/22/javaSerialKiller/
bit4师傅的从0开始学习反序列化	http://code2sec.com/category/lou-dong-shi-jian.html
Java反序列化漏洞之殇	https://www.cnblogs.com/r00tuser/p/Java反序列化漏洞之殇
Java反序列化漏洞从入门到深入	https://xz.aliyun.com/t/2041
Java反序列化备忘录	https://xz.aliyun.com/t/2042
先知java反序列化集合	https://xz.aliyun.com/search?keyword=Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E
JAVA安全编码与代码审计	https://github.com/Cryin/Paper/blob/master/JAVA%E5%AE%89%E5%85%A8%E7%BC%96%E7%A0%81%E4%B8%8E%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md
java-sec-code	https://github.com/JoyChou93/java-sec-code
Adobe ColdFusion反序列化RCE漏洞分析(CVE-2019-7091)	https://www.freebuf.com/vuls/196935.html%20
Apache Solr RCE—【CVE-2019-0192】	https://xz.aliyun.com/t/4422
Apache JMeter rmi 反序列化—【CVE-2018-1297】	https://xz.aliyun.com/t/2225
Apache Solr XXE漏洞分析 -【CVE-2018-8026 】	https://xz.aliyun.com/t/2448
Apache Tomcat安全绕过漏洞（CVE-2018-1305）	https://xz.aliyun.com/t/2088
CVE-2017-12623 Apache NiFi xxe	https://xz.aliyun.com/t/2049
Apache ActiveMQ Artemis 反序列化—【CVE-2016-4978】	https://xz.aliyun.com/t/2015
Apache Fineract SQL Inject—【CVE-2017-5663】	https://xz.aliyun.com/t/1978
Apache FOP-XXE—【CVE-2017-5661】	https://xz.aliyun.com/t/1940
Apache Batik XXE—【CVE-2017-5662】	https://xz.aliyun.com/t/1920
Apache Struts2 Freemarker标签远程执行漏洞分析和复现(S2-053)	https://xz.aliyun.com/t/68
Apache Synapse远程命令执行漏洞分析—【CVE-2017-15708】	https://xz.aliyun.com/t/1816
Apache Tika 任意代码执行详细分析Poc—【CVE-2016-6809】	https://xz.aliyun.com/t/1677
jenkins 无限制 rce 分析	https://xz.aliyun.com/t/3912
Jenkins RCE分析（CVE-2018-1000861分析）	https://lucifaer.com/2019/03/04/Jenkins%20RCE%E5%88%86%E6%9E%90%EF%BC%88CVE-2018-1000861%E5%88%86%E6%9E%90%EF%BC%89/
Hacking Jenkins Part 1 - Play with Dynamic Routing	http://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!	http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
Exploiting Spring Boot Actuators	https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
Attack Spring Boot Actuator via jolokia Part 1	https://lucifaer.com/2019/03/11/Attack%20Spring%20Boot%20Actuator%20via%20jolokia%20Part%201/
Attack Spring Boot Actuator via jolokia Part 2	https://lucifaer.com/2019/03/13/Attack%20Spring%20Boot%20Actuator%20via%20jolokia%20Part%202/
Nexus Repository Manager 3 远程代码执行漏洞 (CVE-2019-7238) 分析及利用	https://www.iswin.org/2019/02/16/Nexus-Repository-Manager-3-RCE-CVE-2019-7238-Analysis/
关于 JNDI 注入	http://bobao.360.cn/learning/detail/4564.html
层层放大java审计的攻击面	https://mp.weixin.qq.com/s/WT1EXEryUGGqHQpSi959xw
以Java的视角来聊聊SQL注入	https://mp.weixin.qq.com/s?__biz=MzIzMzgxOTQ5NA==&mid=2247483954&idx=1&sn=418b7e55b16c717ee5140af990298e22&chksm=e8fe9e3bdf89172d0670690060944bf2434cc2d2e8fba4477711299a0775cf3735a2022c0778#rd
站在Java的视角，深度分析防不胜防的小偷——“XSS”	http://mp.weixin.qq.com/s?__biz=MzIzMzgxOTQ5NA==&mid=100000340&idx=1&sn=6ca4ec15ef6338daf1d4a907351d7c08&chksm=68fe9e5d5f89174b44fd0cae2e3d5c0018859d3d1dc6d60a2e16dcde34499ba224d6ea17a982#rd
你的 Java web 配置安全吗？	https://mp.weixin.qq.com/s?__biz=MzIzMzgxOTQ5NA==&mid=100000318&idx=1&sn=9011af3e3968e0d87499605ef1a68291&chksm=68fe9e375f8917213297855bd9e1ab1203ae4c9b0b5ca351de7b2c0f7a7799bd1f4843cd13f4#rd
spring任意文件读取	https://github.com/ilmila/springcss-cve-2014-3625/tree/master/src
在 Runtime.getRuntime().exec(String cmd) 中执行任意shell命令的几种方法	https://mp.weixin.qq.com/s/zCe_O37rdRqgN-Yvlq1FDg
ysoserial 分析系列	https://xz.aliyun.com/search?keyword=ysoserial+JRMP%20
sec-news集合	http://wiki.ioin.in/search?word=java
sec-wiki集合	https://www.sec-wiki.com/news/search?wd=java
先知文章集合	https://xz.aliyun.com/search?keyword=java
orangetw	http://blog.orange.tw
iswin	https://www.iswin.org/
xxlegend	http://xxlegend.com/
chybeta	https://chybeta.github.io/
bit4	http://code2sec.com/index.html
隐形人真忙	https://blog.csdn.net/u011721501/article/category/2748021
rui0	http://rui0.cn
安全引擎	https://zhuanlan.freebuf.com/column/index/?name=%E5%AE%89%E5%85%A8%E5%BC%95%E6%93%8E
水泡泡	https://www.cnblogs.com/r00tuser
收藏	javascript:void(0)
举报	javascript:void(0)
刷新页面	https://www.cnblogs.com/r00tuser/p/10577571.html
返回顶部	https://www.cnblogs.com/r00tuser/p/10577571.html#top
	https://www.trae.com.cn/?utm_source=advertising&utm_medium=cnblogs_ug_cpa&utm_term=hw_trae_cnblogs
博客园	https://www.cnblogs.com/
浙公网安备 33010602011771号	http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=33010602011771
浙ICP备2021040463号-3	https://beian.miit.gov.cn

Viewport: width=device-width, initial-scale=1.0

URLs of crawlers that visited me.