https://github.com/yuyan-sec/druid_sessions
获取 alibaba druid 一些 sessions , sql , urls
https://github.com/yuyan-sec/druid_sessions
Last synced: 6 days ago
JSON representation
获取 alibaba druid 一些 sessions , sql , urls
- Host: GitHub
- URL: https://github.com/yuyan-sec/druid_sessions
- Owner: yuyan-sec
- Created: 2021-06-08T19:22:03.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2025-04-04T07:58:19.000Z (11 months ago)
- Last Synced: 2025-07-11T22:32:22.840Z (8 months ago)
- Language: Java
- Homepage:
- Size: 473 KB
- Stars: 278
- Watchers: 3
- Forks: 26
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - yuyan-sec/druid_sessions - 获取 alibaba druid 一些 sessions , sql , urls (Others)
README
### 使用说明:
利用工具快速获取 Alibaba Druid 的相关参数(sessions, sql, uri, jdbc ),然后就可以利用Burpsuite进行遍历sessions验证是否可用,如果运气好就可以利用session进入后台或者getshell 啦。
### 利用实例
cwkiller师傅的利用文章:https://www.cnblogs.com/cwkiller/p/12483223.html
从druid未授权到getshell:https://xz.aliyun.com/t/10110
### 工具说明:
使用了 swing , 应该支持所有 jdk 了
默认请求带有 /druid/* 相关路径
GUI 界面参考:https://github.com/f0ng/poc2jar
----
#### 仅供学习交流,切勿用于非法用途,否则一切后果自负!