{"id":13843534,"url":"https://github.com/SummerSec/BlogPapers","last_synced_at":"2025-07-11T19:32:14.254Z","repository":{"id":37337197,"uuid":"425661780","full_name":"SummerSec/BlogPapers","owner":"SummerSec","description":"\u003ca href=\"sumsec.me\"\u003e\u003cimg src=\"https://readme-typing-svg.demolab.com?font=Fira+Code\u0026size=24\u0026pause=1000\u0026color=FDFDFD\u0026background=13797800\u0026center=true\u0026vCenter=true\u0026width=435\u0026lines=%F0%9F%91%8B%EF%BC%8C%E5%83%8F%E6%B8%85%E6%B0%B4%E4%B8%80%E8%88%AC%E6%B8%85%E6%BE%88%E9%80%8F%E6%98%8E\" alt=\"SummerSec\" /\u003e\u003c/a\u003e","archived":false,"fork":false,"pushed_at":"2024-10-29T12:54:00.000Z","size":664952,"stargazers_count":53,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-10-29T15:21:10.356Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://sumsec.me","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SummerSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-08T01:30:18.000Z","updated_at":"2024-10-29T12:54:04.000Z","dependencies_parsed_at":"2024-11-06T13:52:57.952Z","dependency_job_id":null,"html_url":"https://github.com/SummerSec/BlogPapers","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FBlogPapers","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FBlogPapers/tags","releases_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FBlogPapers/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FBlogPapers/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SummerSec","download_url":"https://codeload.github.com/SummerSec/BlogPapers/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225755024,"owners_count":17519189,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:02:12.065Z","updated_at":"2024-11-21T15:31:07.625Z","avatar_url":"https://github.com/SummerSec.png","language":"PHP","funding_links":[],"categories":["PHP","LLM分析过程"],"sub_categories":[],"readme":"\n\n\n\n\n\n\n\n\n\n\n## \u003cimg src=\"./resources/Hi.gif\" width=\"30px\"\u003e\u003ca href=\"https://sumsec.me/\"\u003e\u003cimg src=\"https://readme-typing-svg.demolab.com?font=Fira+Code\u0026duration=6000\u0026pause=1500\u0026color=2D94F7\u0026height=45\u0026lines=%20%20+%E4%BD%A0%E5%A5%BD%E5%91%80%EF%BC%81;%E5%83%8F%E6%B8%85%E6%B0%B4%E4%B8%80%E8%88%AC%E6%B8%85%E6%BE%88%E9%80%8F%E6%98%8E\" alt=\"Typing SVG\" /\u003e\u003c/a\u003e\n\n\n\n[🏯 HOME](https://sumsec.me/)\u0026emsp;[\u0026#x1F4C1; Archives](./resources/Archives.md)  \u0026emsp;  [\u0026#x1F4E3; About ME](./resources/AboutMe.md) \u0026emsp; [\u0026#x1F4D2;Old Blog](https://old.sumsec.me)\u0026emsp; [\u0026#x1F4CC; Advertisements](./resources/Advertisements.md)\u0026emsp; [ \u0026#x1F310; SiteMap](./resources/sitemap.xml) \u0026emsp; [🗂 
Resources](./resources/README.md)   [ 🔭 RSS.xml](./resources/rss.xml)\n\n\n\n### Timeline \u0026#x1F4C8;\n\n\n\n#### 2022  📅\n\n| Time  | Name                                                         | Tags           |\n| ----- | ------------------------------------------------------------ | -------------- |\n| 12/09 | [VMWare-Workspace-ONE-Access-Auth-Bypass](./2022/VMWare-Workspace-ONE-Access-Auth-Bypass.md) | Vulnerability Analysis/Java/RCE |\n| 09/28 | [Spring-Framework-RCE-CVE-2022-22965 Vulnerability Analysis](./2022/Spring-Framework-RCE-CVE-2022-22965漏洞分析.md) | Vulnerability Analysis/Java/RCE |\n| 08/08 | [Survey of Similarity Algorithms](./2022/相似度算法调研.md) | Algorithms/go |\n| 07/19 | [CVE-2022-33891 Apache Spark shell command injection](./2022/CVE-2022-33891 Apache Spark shell command injection.md) | Command Execution/Spark |\n| 07/05 | [Improper Regex Matching Configuration](./2022/正则匹配配置不当.md) | Regex Matching Java/Regex Matching |\n| 06/22 | [CVE-2022-22980 Mongodb SpEL](./2022/CVE-2022-22980 Mongodb SpEL.md) | Java/SpEL/CodeQL |\n| 03/29 | [CodeQL Usage Tricks](./2022/CodeQL-Usage-Tricks.md) | CodeQL/Tricks/Java |\n| 03/18 | [Spring Boot: From RCE to Memory Shell Exploration](./2022/Spring Boot RCE到内存马探索.md) | Spring/RCE/MemShell |\n| 03/14 | [Expanding the Shiro Post-Exploitation Surface](./2022/Shiro后渗透拓展面.md) | Shiro/Agent/Web/Java |\n| 03/02 | [Expanding the Shiro Deserialization Attack Surface -- Changing the Key](./2022/shiro反序列化漏洞攻击拓展面--修改key.md) | shiro/key/Java/Web |\n| 03/10 | [GitHub Java CodeQL CTF](./2022/GitHub Java CodeQL CTF.md) | CodeQL/Java/CTF |\n| 02/27 | [Hack-Tools2Web](./2022/Hack-Tools2Web.md) | Hack/Tools/Web |\n| 02/21 | [CodeQL Meets Shiro550](./2022/CodeQL与Shiro550碰撞.md) | CodeQL/Java/Shiro |\n| 02/21 | [CodeQL's First Encounter with Shiro550](./2022/CodeQL初见Shiro550.md) | CodeQL/Java/Shiro |\n| 02/20 | [The Relationship Between CodeQL and the AST](./2022/CodeQL与AST之间联系.md) | CodeQL/AST/Java
 |\n| 02/15 | [Ways to Load Dynamic Link Libraries in Java](./2022/Java加载动态链接库方式.md) | Java/DLL/Load |\n| 01/20 | [Log4j2 Vulnerability Analysis](./2022/Log4j2漏洞分析.md) | Log4j2/Java/Vul |\n| 01/08 | [PL-4-Interprocedural Analysis](./PL/Interprocedural-Analysis.md) | PL |\n| 01/07 | [PL-3-Data Analysis Foundation](./PL/Data-Analysis-Foundation.md) | PL |\n| 01/06 | [PL-2-Data-Flow-Analysis](./PL/Data-Flow-Analysis.md) | PL |\n| 01/04 | [PL-1-Intermediate-Representation](./PL/Intermediate-Representation.md) | PL |\n\n\n\n---\n\n\n\n#### 2021 📅\n\n| Time  | Name                                                         | Tags           |\n| ----- | ------------------------------------------------------------ | -------------- |\n| 04/15 | [PII Leakage -- Identifying PII Data in Logs with CodeQL](./2021/PII泄露--用CodeQL识别日志中的PII数据.md) | CodeQL/Java |\n| 04/24 | [CodeQL workshop for Java Unsafe deserialization in Apache Struts](./2021/CodeQL-workshop-for-Java-Unsafe-deserialization-in-Apache-Struts.md) | CodeQL/Java |\n| 06/05 | [WebLogic CVE-2020-2551 IIOP Deserialization Vulnerability Analysis](./2021/weblogic之CVE-2020-2551iiop反序列化漏洞分析.md) | Java |\n| 06/05 | [WebLogic CVE-2020-2551 IIOP Deserialization Vulnerability Reproduction](./2021/weblogic之CVE-2020-2551iiop反序列化漏洞复现.md) | Java |\n| 07/15 | [Fastjson Response Echo](./2021/Fastjson回显.md) | Java/Fastjson |\n| 07/21 | [Study Notes on Generic Tomcat Response Echo](./2021/Tomcat通用回显学习笔记.md) | Java |\n| 08/03 | [CodeQL Data Flow Seen Through a Java Deserialization Challenge](./2021/从Java反序列化漏洞题看CodeQL数据流.md) | CodeQL/Java |\n| 11/01 | [Shiro-550 Deserialization Vulnerability Analysis](./2021/Shiro-550反序列化漏洞分析.md) | shiro550/Java |\n| 11/09 | [Notes on a Failed Log4j Gadget Hunt](./2021/记一次Log4j失败的Gadget挖掘记录.md) | CodeQL/Java |\n| 11/15 | [Notes on Modifying ysoserial](./2021/ysoserial改造记录.md) | ysoserial/Java |\n| 11/30 | [JNDI Injection](./2021/JNDI注入.md) | JNDI/Java |\n| 
12/08 | [shiro-JRMP-gadget](./2021/shiro-JRMP-gadget.md) | shiro/exp |\n| 12/21 | [Fastjson_Mysql_gadget Reproduction](./2021/Fastjson_Mysql_gadget复现.md) | fastjson/exp |\n| 12/31 | [2021 Year in Review](./2021/2021年度总结.md) | Summary |\n\n\n\n---\n\n**Thanks to [https://evolution-host.com](https://evolution-host.com/) for the sponsorship**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSummerSec%2FBlogPapers","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSummerSec%2FBlogPapers","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSummerSec%2FBlogPapers/lists"}