Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/yuyan-sec/druid_sessions
获取 alibaba druid 一些 sessions , sql , urls
https://github.com/yuyan-sec/druid_sessions
Last synced: 3 months ago
JSON representation
获取 alibaba druid 一些 sessions , sql , urls
- Host: GitHub
- URL: https://github.com/yuyan-sec/druid_sessions
- Owner: yuyan-sec
- Created: 2021-06-08T19:22:03.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-02-19T14:37:57.000Z (over 1 year ago)
- Last Synced: 2024-06-06T18:57:01.884Z (5 months ago)
- Homepage:
- Size: 451 KB
- Stars: 221
- Watchers: 2
- Forks: 25
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - yuyan-sec/druid_sessions - 获取 alibaba druid 一些 sessions , sql , urls (Others)
README
### 使用说明:
利用工具快速获取 Alibaba Druid 的相关参数(sessions, sql, uri, jdbc ),然后就可以利用Burpsuite进行遍历sessions验证是否可用,如果运气好就可以利用session进入后台或者getshell 啦。
### 利用实例
cwkiller师傅的利用文章:https://www.cnblogs.com/cwkiller/p/12483223.html
从druid未授权到getshell:https://xz.aliyun.com/t/10110
### 工具说明:
使用了 swing , 应该支持所有 jdk 了
默认请求带有 /druid/* 相关路径
GUI 界面参考:https://github.com/f0ng/poc2jar
----
#### 仅供学习交流,切勿用于非法用途,否则一切后果自负!