diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/application.properties b/out/artifacts/java_sec_code_war/WEB-INF/classes/application.properties
new file mode 100644
index 00000000..cdb84e53
--- /dev/null
+++ b/out/artifacts/java_sec_code_war/WEB-INF/classes/application.properties
@@ -0,0 +1,4 @@
+
+# Spring Boot Actuator Vulnerable Config
+management.security.enabled=false
+logging.config=classpath:logback-online.xml
\ No newline at end of file
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/logback-online.xml b/out/artifacts/java_sec_code_war/WEB-INF/classes/logback-online.xml
new file mode 100644
index 00000000..4bda3a99
--- /dev/null
+++ b/out/artifacts/java_sec_code_war/WEB-INF/classes/logback-online.xml
@@ -0,0 +1,12 @@
+<configuration>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <withJansi>true</withJansi>
+        <encoder>
+            <pattern>[%thread] %highlight(%-5level) %cyan(%logger{15}) - %msg %n</pattern>
+        </encoder>
+    </appender>
+    <root level="info">
+        <appender-ref ref="STDOUT" />
+    </root>
+    <jmxConfigurator/>
+</configuration>
\ No newline at end of file
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/Application.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/Application.class
new file mode 100644
index 00000000..728a98ce
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/Application.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/RMI/Client.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/RMI/Client.class
new file mode 100644
index 00000000..5d97a7ab
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/RMI/Client.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/RMI/Hello.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/RMI/Hello.class
new file mode 100644
index 00000000..1c812456
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/RMI/Hello.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/RMI/Server.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/RMI/Server.class
new file mode 100644
index 00000000..74b2b5b5
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/RMI/Server.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/CORS.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/CORS.class
new file mode 100644
index 00000000..94d08c37
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/CORS.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/CRLFInjection.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/CRLFInjection.class
new file mode 100644
index 00000000..ed93f062
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/CRLFInjection.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Deserialize.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Deserialize.class
new file mode 100644
index 00000000..8e89cace
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Deserialize.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Fastjson.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Fastjson.class
new file mode 100644
index 00000000..05765d1d
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Fastjson.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/FileUpload.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/FileUpload.class
new file mode 100644
index 00000000..8b92229d
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/FileUpload.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/IPForge.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/IPForge.class
new file mode 100644
index 00000000..bd48b6a1
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/IPForge.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Index.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Index.class
new file mode 100644
index 00000000..131efe4d
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Index.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/JSONP.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/JSONP.class
new file mode 100644
index 00000000..f27f3f31
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/JSONP.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Rce.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Rce.class
new file mode 100644
index 00000000..08a81116
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/Rce.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/SPEL.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/SPEL.class
new file mode 100644
index 00000000..c6f2f4c1
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/SPEL.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/SQLI.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/SQLI.class
new file mode 100644
index 00000000..3da432ec
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/SQLI.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/SSRF.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/SSRF.class
new file mode 100644
index 00000000..c7cd6c3b
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/SSRF.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/URLRedirect.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/URLRedirect.class
new file mode 100644
index 00000000..51030c4b
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/URLRedirect.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/URLWhiteList.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/URLWhiteList.class
new file mode 100644
index 00000000..459eacaf
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/URLWhiteList.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/XSS.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/XSS.class
new file mode 100644
index 00000000..0eb20f52
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/XSS.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/XXE.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/XXE.class
new file mode 100644
index 00000000..29b39d97
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/controller/XXE.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/imageConfig.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/imageConfig.class
new file mode 100644
index 00000000..b1ec8e27
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/imageConfig.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/utils/Security.class b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/utils/Security.class
new file mode 100644
index 00000000..b53838e5
Binary files /dev/null and b/out/artifacts/java_sec_code_war/WEB-INF/classes/org/joychou/utils/Security.class differ
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/templates/upload.html b/out/artifacts/java_sec_code_war/WEB-INF/classes/templates/upload.html
new file mode 100644
index 00000000..10898e0b
--- /dev/null
+++ b/out/artifacts/java_sec_code_war/WEB-INF/classes/templates/upload.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<body>
+
+<h3>file upload</h3>
+
+<form method="POST" action="upload" enctype="multipart/form-data">
+    <input type="file" name="file" /><br/><br/>
+    <input type="submit" value="Submit" />
+</form>
+
+</body>
+</html>
diff --git a/out/artifacts/java_sec_code_war/WEB-INF/classes/templates/uploadStatus.html b/out/artifacts/java_sec_code_war/WEB-INF/classes/templates/uploadStatus.html
new file mode 100644
index 00000000..f39fa45c
--- /dev/null
+++ b/out/artifacts/java_sec_code_war/WEB-INF/classes/templates/uploadStatus.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+<body>
+
+<div th:if="${message}">
+    <h4 th:text="${message}"/>
+</div>
+
+</body>
+</html>
\ No newline at end of file