
https://github.com/cn-panda/javacodeaudit

Getting started with Java code auditing: a small introductory project for code auditing

code fastjson jackson java rce sql ssrf vulnerability-analysis weblogic xss

README

# About
The articles in this series are aimed at readers who already know basic Java syntax. The series mainly covers:

* Introduction to the audit environment
* SQL vulnerabilities: principles and real-world cases
* XSS vulnerabilities: principles and real-world cases
* SSRF vulnerabilities: principles and real-world cases
* RCE vulnerabilities: principles and real-world cases
* Inclusion vulnerabilities: principles and real-world cases
* Serialization vulnerabilities: principles and real-world cases
* Analysis of classic S2 series vulnerabilities
* Analysis of classic WebLogic series vulnerabilities
* Analysis of classic fastjson series vulnerabilities
* Analysis of classic Jackson series vulnerabilities, and more

The order of the content may be adjusted slightly, but the overall content will not change. Finally, I hope this series of articles is of some benefit to you.

This project contains the source code needed for the articles above.

Have fun
