About

The articles in this series are aimed at people who have a basic knowledge of Java's basic syntax. The contents of this series of articles mainly include:

Introduction to audit environment
SQL vulnerability principle and actual case introduction
XSS vulnerability principle and actual case introduction
SSRF vulnerability principle and actual case introduction
RCE vulnerability principle and actual case introduction
Includes vulnerability principles and actual case introductions
Serialization vulnerability principle and actual case introduction
S2 series classic vulnerability analysis
WebLogic series of classic vulnerability analysis
fastjson series classic vulnerability analysis
Jackson series classic vulnerability analysis, etc.

The content order may be slightly adjusted, but the overall content will not change. Finally, I hope that this series of articles can bring you a little gain.

This project contains the source code needed based on the above article

Have fun

关于

本系列的文章面向人群主要是拥有 Java 基本语法基础的朋友，系列文章的内容主要包括：

审计环境介绍
SQL 漏洞原理与实际案例介绍
XSS 漏洞原理与实际案例介绍
SSRF 漏洞原理与实际案例介绍
RCE 漏洞原理与实际案例介绍
包含漏洞原理与实际案例介绍
序列化漏洞原理与实际案例介绍
S2系列经典漏洞分析
WebLogic 系列经典漏洞分析
fastjson系列经典漏洞分析
jackson系列经典漏洞分析等

可能内容顺序会略有调整，但是总体内容不会改变，最后希望这系列的文章能够给你带来一点收获。

本项目包含了基于上述文章中需要的源码

玩的开心

RCE环境问题

您好，作者，myeclipse部署完之后
RCE环境问题 exp请求报错

HTTP/1.1 500
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1531
Date: Tue, 17 Nov 2020 03:23:38 GMT
Connection: close

<title>Apache Tomcat/8.5.9 - Error report</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style>

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error that prevented it from fulfilling this request.

exception

java.lang.NullPointerException
java.lang.Class.forName0(Native Method)
java.lang.Class.forName(Class.java:264)
com.sec.servlet.rceTest.CommandFound(rceTest.java:52)
com.sec.servlet.rceTest.service(rceTest.java:31)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

note The full stack trace of the root cause is available in the Apache Tomcat/8.5.9 logs.
Apache Tomcat/8.5.9

十一月 17, 2020 11:23:38 上午 org.apache.catalina.core.StandardWrapperValve invoke

严重: Servlet.service() for servlet [com.sec.servlet.rceTest] in context with path [/rce] threw exception

java.lang.NullPointerException

at java.lang.Class.forName0(Native Method)

at java.lang.Class.forName(Class.java:264)

at com.sec.servlet.rceTest.CommandFound(rceTest.java:52)

at com.sec.servlet.rceTest.service(rceTest.java:31)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:474)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1437)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:745)

cn-panda / javacodeaudit Goto Github PK

javacodeaudit's Introduction

About

关于

javacodeaudit's People

Contributors

Stargazers

Watchers

Forkers

javacodeaudit's Issues

RCE环境问题

HTTP Status 500 -

Apache Tomcat/8.5.9

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent