🍺 Java Sec

Author: j3ers3

README.md

@@ -1,7 +1,7 @@
 # ☕️ Hello Java Sec ![Stage](https://img.shields.io/badge/Release-DEV-brightgreen.svg)
 > Java漏洞平台，结合漏洞代码和安全编码，帮助研发同学理解和减少漏洞
 
-![](media/16278906186353.jpg)
+![](media/16304933749187.jpg)
 
 
 - 默认账号：admin/admin
@@ -17,10 +17,15 @@
 - [x] Directory Traversal
 - [x] Redirect
 - [ ] CSRF
-- [ ] File Upload
+- [x] File Upload
 - [x] XXE
 - [x] Actuator
-- [ ] Fastjson
+- [x] Fastjson
+- [x] Xstream
+- [ ] 越权
+- [ ] more
+
+![](media/16304936834843.jpg)
 
 ## Run
 ### IDEA
@@ -40,9 +45,8 @@ java -jar target/hello-1.0.0-SNAPSHOT.jar
 ```
 
 
-## 环境
+## 技术架构
 - Java 1.8
 - SpringBoot 4.0
 - Bootstrap 4.6.0
 - Codemirror 5.62.0
-- Fastjson 1.2.24

hello.iml

@@ -84,8 +84,6 @@
     <orderEntry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.7.0" level="project" />
     <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.4.1" level="project" />
     <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.4.1" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.11.3" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.11.3" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.11.3" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.11.3" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.11.3" level="project" />
@@ -157,7 +155,6 @@
     <orderEntry type="library" name="Maven: io.springfox:springfox-swagger2:2.9.2" level="project" />
     <orderEntry type="library" name="Maven: io.swagger:swagger-annotations:1.5.20" level="project" />
     <orderEntry type="library" name="Maven: io.swagger:swagger-models:1.5.20" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.11.3" level="project" />
     <orderEntry type="library" name="Maven: io.springfox:springfox-spi:2.9.2" level="project" />
     <orderEntry type="library" name="Maven: io.springfox:springfox-core:2.9.2" level="project" />
     <orderEntry type="library" name="Maven: io.springfox:springfox-schema:2.9.2" level="project" />
@@ -170,5 +167,17 @@
     <orderEntry type="library" name="Maven: org.springframework.plugin:spring-plugin-metadata:1.2.0.RELEASE" level="project" />
     <orderEntry type="library" name="Maven: org.mapstruct:mapstruct:1.2.0.Final" level="project" />
     <orderEntry type="library" name="Maven: org.jsoup:jsoup:1.12.2" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-data-ldap:2.4.1" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-ldap:2.4.2" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.ldap:spring-ldap-core:2.3.3.RELEASE" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-commons:2.4.2" level="project" />
+    <orderEntry type="library" name="Maven: commons-io:commons-io:2.11.0" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.shiro:shiro-spring:1.2.4" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.shiro:shiro-core:1.2.4" level="project" />
+    <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils:1.8.3" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.shiro:shiro-web:1.2.4" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.11.0" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.11.0" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.11.0" level="project" />
   </component>
 </module>

media/16278906186353.jpg

@@ -11,7 +11,7 @@
 
     <groupId>com.best</groupId>
     <artifactId>hello</artifactId>
-    <version>1.0.0-SNAPSHOT</version>
+    <version>1.0.2</version>
     <name>hello java sec</name>
     <description>Java Sec</description>
     <packaging>jar</packaging>
@@ -72,6 +72,7 @@
             <version>1.2.24</version>
         </dependency>
 
+        <!-- 多个rce漏洞-->
         <dependency>
             <groupId>com.thoughtworks.xstream</groupId>
             <artifactId>xstream</artifactId>
@@ -146,6 +147,57 @@
             <version>1.12.2</version>
         </dependency>
 
+        <!-- LDAP -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-ldap</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.11.0</version>
+        </dependency>
+
+        <!-- shiro rce -->
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-spring</artifactId>
+            <version>1.2.4</version>
+        </dependency>
+
+
+        <!-- Jackson 引入低版本会报错 -->
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.11.0</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <version>2.11.0</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <version>2.11.0</version>
+        </dependency>
+
+        <!-- AMF RCE
+        <dependency>
+            <groupId>org.apache.flex.blazeds</groupId>
+            <artifactId>flex-messaging-common</artifactId>
+            <version>4.7.2</version>
+        </dependency>
+        -->
+
+
+        <!-- Spring Security -->
+
+
     </dependencies>
 
     <build>

media/16304933749187.jpg

@@ -13,6 +13,7 @@
 
 /**
  * Swagger2
+ *
  * @date 2021/07/25
  */
 

media/16304936834843.jpg

@@ -10,7 +10,6 @@ public class LoginHandlerInterceptor implements HandlerInterceptor {
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         // 用户登录成功后获取session
         Object session = request.getSession().getAttribute("LoginUser");
-        System.out.println("[*] session用户：" + session);
         if (session == null) {
             request.setAttribute("msg", "请先登录");
             request.getRequestDispatcher("/login").forward(request, response);

pom.xml

@@ -13,9 +13,9 @@ public class MvcConfig implements WebMvcConfigurer {
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {
         // 路由 -> 视图.html
-        registry.addViewController("/").setViewName("index");
-        registry.addViewController("/index").setViewName("index");
+        registry.addViewController("/").setViewName("login");
         registry.addViewController("/login").setViewName("login");
+        registry.addViewController("/index").setViewName("index");
         registry.addViewController("/index/xss").setViewName("xss");
         registry.addViewController("/index/rce").setViewName("rce");
         registry.addViewController("/index/spel").setViewName("spel");
@@ -28,16 +28,22 @@ public void addViewControllers(ViewControllerRegistry registry) {
         registry.addViewController("/index/deserialize").setViewName("deserialize");
         registry.addViewController("/index/redirect").setViewName("redirect");
         registry.addViewController("/index/actuator").setViewName("actuator");
+        registry.addViewController("/index/broken_access_control").setViewName("bac");
+        registry.addViewController("/index/upload").setViewName("upload");
+        registry.addViewController("/index/password").setViewName("password");
+        registry.addViewController("/index/xstream").setViewName("xstream");
+        registry.addViewController("/index/fastjson").setViewName("fastjson");
 
     }
 
     /**
      * 拦截器，判断是否登录成功
+     * todo
      */
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(new LoginHandlerInterceptor())
                 .addPathPatterns("/**")
-                .excludePathPatterns("/index", "/", "/user/login", "/login", "/css/**", "/js/**", "/img/**");
+                .excludePathPatterns("/user/login", "/login", "/", "/css/**", "/js/**", "/img/**");
     }
 }

src/main/java/com/best/hello/Swagger2.java

@@ -0,0 +1,5 @@
+package com.best.hello.controller;
+
+public class BAC {
+
+}