From d76cba331b3902ddb052e766db4a3d9ba53a3d0d Mon Sep 17 00:00:00 2001
From: godzeo <64398024+godzeo@users.noreply.github.com>
Date: Sun, 2 Aug 2020 20:10:26 +0800
Subject: [PATCH 1/3] Delete README.md
---
README.md | 205 ------------------------------------------------------
1 file changed, 205 deletions(-)
delete mode 100644 README.md
diff --git a/README.md b/README.md
deleted file mode 100644
index 2c0a0bc8..00000000
--- a/README.md
+++ /dev/null
@@ -1,205 +0,0 @@
-# Java Sec Code
-
-
-Java sec code is a very powerful and friendly project for learning Java vulnerability code.
-
-[中文文档](https://github.com/JoyChou93/java-sec-code/blob/master/README_zh.md)
-
-## Introduce
-
-This project can also be called Java vulnerability code.
-
-Each vulnerability type code has a security vulnerability by default unless there is no vulnerability. The relevant fix code is in the comments or code. Specifically, you can view each vulnerability code and comments.
-
-[Online demo](http://118.25.15.216:8080)
-
-Login username & password:
-
-```
-admin/admin123
-joychou/joychou123
-```
-
-
-## Vulnerability Code
-
-Sort by letter.
-
-- [Actuators to RCE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/resources/logback-online.xml)
-- [CommandInject](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/CommandInject.java)
-- [CORS](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/CORS.java)
-- [CRLF Injection](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/CRLFInjection.java)
-- [CSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/security/WebSecurityConfig.java)
-- [Deserialize](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Deserialize.java)
-- [Fastjson](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Fastjson.java)
-- [File Upload](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/FileUpload.java)
-- [GetRequestURI](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/GetRequestURI.java)
-- [IP Forge](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/IPForge.java)
-- [Java RMI](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/RMI/Server.java)
-- [JSONP](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Jsonp.java)
-- [ooxmlXXE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/othervulns/ooxmlXXE.java)
-- [PathTraversal](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/PathTraversal.java)
-- [RCE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Rce.java)
-- [SpEL](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SpEL.java)
-- [SQL Injection](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SQLI.java)
-- [SSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSRF.java)
-- [SSTI](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSTI.java)
-- [URL Redirect](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLRedirect.java)
-- [URL whitelist Bypass](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLWhiteList.java)
-- [xlsxStreamerXXE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/othervulns/xlsxStreamerXXE.java)
-- [XSS](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XSS.java)
-- [XStream](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XStreamRce.java)
-- [XXE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XXE.java)
-
-
-
-## Vulnerability Description
-
-- [Actuators to RCE](https://github.com/JoyChou93/java-sec-code/wiki/Actuators-to-RCE)
-- [CORS](https://github.com/JoyChou93/java-sec-code/wiki/CORS)
-- [CSRF](https://github.com/JoyChou93/java-sec-code/wiki/CSRF)
-- [Deserialize](https://github.com/JoyChou93/java-sec-code/wiki/Deserialize)
-- [Fastjson](https://github.com/JoyChou93/java-sec-code/wiki/Fastjson)
-- [Java RMI](https://github.com/JoyChou93/java-sec-code/wiki/Java-RMI)
-- [JSONP](https://github.com/JoyChou93/java-sec-code/wiki/JSONP)
-- [POI-OOXML XXE](https://github.com/JoyChou93/java-sec-code/wiki/Poi-ooxml-XXE)
-- [SQLI](https://github.com/JoyChou93/java-sec-code/wiki/SQL-Inject)
-- [SSRF](https://github.com/JoyChou93/java-sec-code/wiki/SSRF)
-- [SSTI](https://github.com/JoyChou93/java-sec-code/wiki/SSTI)
-- [URL whitelist Bypass](https://github.com/JoyChou93/java-sec-code/wiki/URL-whtielist-Bypass)
-- [XXE](https://github.com/JoyChou93/java-sec-code/wiki/XXE)
-- [Others](https://github.com/JoyChou93/java-sec-code/wiki/others)
-
-## How to run
-
-The application will use mybatis auto-injection. Please run mysql server ahead of time and configure the mysql server database's name and username/password except docker environment.
-
-```
-spring.datasource.url=jdbc:mysql://127.0.0.1:3306/java_sec_code
-spring.datasource.username=root
-spring.datasource.password=woshishujukumima
-```
-
-- Docker
-- IDEA
-- Tomcat
-- JAR
-
-### Docker
-
-
-Start docker:
-
-```
-docker-compose pull
-docker-compose up
-```
-
-
-Stop docker:
-
-```
-docker-compose down
-```
-
-Docker's environment:
-
-- Java 1.8.0_102
-- Mysql 8.0.17
-- Tomcat 8.5.11
-
-
-### IDEA
-
-- `git clone https://github.com/JoyChou93/java-sec-code`
-- Open in IDEA and click `run` button.
-
-Example:
-
-```
-http://localhost:8080/rce/exec?cmd=whoami
-```
-
-return:
-
-```
-Viarus
-```
-
-### Tomcat
-
-- `git clone https://github.com/JoyChou93/java-sec-code` & `cd java-sec-code`
-- Build war package by `mvn clean package`.
-- Copy war package to tomcat webapps directory.
-- Start tomcat application.
-
-Example:
-
-```
-http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami
-```
-
-return:
-
-```
-Viarus
-```
-
-
-### JAR
-
-Change `war` to `jar` in `pom.xml`.
-
-```xml
-sec
-java-sec-code
-1.0.0
-war
-```
-
-Build package and run.
-
-```
-git clone https://github.com/JoyChou93/java-sec-code
-cd java-sec-code
-mvn clean package -DskipTests
-java -jar target/java-sec-code-1.0.0.jar
-```
-
-## Authenticate
-
-### Login
-
-[http://localhost:8080/login](http://localhost:8080/login)
-
-If you are not logged in, accessing any page will redirect you to the login page. The username & password are as follows.
-
-```
-admin/admin123
-joychou/joychou123
-```
-
-### Logout
-
-[http://localhost:8080/logout](http://localhost:8080/logout)
-
-### RememberMe
-
-Tomcat's default JSESSION session is valid for 30 minutes, so a 30-minute non-operational session will expire. In order to solve this problem, the rememberMe function is introduced, and the default expiration time is 2 weeks.
-
-
-## Contributors
-
-Core developers : [JoyChou](https://github.com/JoyChou93), [liergou9981](https://github.com/liergou9981)
-Other developers: [lightless](https://github.com/lightless233), [Anemone95](https://github.com/Anemone95), [waderwu](https://github.com/waderwu).
-
-
-## Donate
-
-If you like the poject, you can donate to support me. With your support, I will be able to make `Java sec code` better 😎.
-
-### Alipay
-
-Scan the QRcode to support `Java sec code`.
-
-
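Review bot: Deleting README.md outright removes the project's only English documentation, including the `## How to run` and `## Authenticate` sections, and patch 3/3 then renames README_zh.md into its place, so English readers are left with nothing. Consider renaming this file (for example to README_en.md) and linking it from the new README instead of deleting it. If the deletion stays, note that the `## Contributors` credit to the upstream developers goes with it and should be preserved somewhere in the fork.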
From 9a7ca6730a677795e6855fa24d445136847e2de2 Mon Sep 17 00:00:00 2001
From: godzeo <64398024+godzeo@users.noreply.github.com>
Date: Sun, 2 Aug 2020 20:15:01 +0800
Subject: [PATCH 2/3] Update README_zh.md
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
First modification
---
README_zh.md | 44 +++++++-------------------------------------
1 file changed, 7 insertions(+), 37 deletions(-)
diff --git a/README_zh.md b/README_zh.md
index 72477885..17876f17 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -2,7 +2,13 @@
对于学习Java漏洞代码来说,`Java Sec Code`是一个非常强大且友好的项目。
-[英文文档](https://github.com/JoyChou93/java-sec-code/blob/master/README.md)
+原作者老哥写的没问题,就是网络问题会导致不能用,我就自行修改了一下,我就拉我这里自己改着玩吧
+
+我自己fork过来,修复一下,后续会自己做实验,修改一些东西
+
+[原文地址](https://github.com/JoyChou93/java-sec-code/)
+
+他的docker 和在线dome 现在都不能登陆了,过段时间可能可以?
## 介绍
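Review bot: The last added line has two typos: `在线dome` should be `在线demo`, and `登陆` should be `登录`, matching the `登录用户名密码` wording used further down in the same file. The three added paragraphs are first-person notes that repeat each other; a short fork notice saying what was changed and why, followed by the `原文地址` link, would serve README readers better.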
@@ -10,8 +16,6 @@
每个漏洞类型代码默认存在安全漏洞(除非本身不存在漏洞),相关修复代码在注释里。具体可查看每个漏洞代码和注释。
-[在线Demo](http://118.25.15.216:8080)
-
登录用户名密码:
```
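Review bot: With the `在线Demo` link removed, the `登录用户名密码:` block kept as context directly beneath it no longer says what those credentials log in to. Add a sentence stating that they are the default accounts of a locally run instance, so the block still makes sense on its own.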
@@ -80,27 +84,6 @@ spring.datasource.password=woshishujukumima
- Tomcat
- JAR
-### Docker
-
-开启应用:
-
-```
-docker-compose pull
-docker-compose up
-```
-
-关闭应用:
-
-```
-docker-compose down
-```
-
-Docker环境:
-
-- Java 1.8.0_102
-- Mysql 8.0.17
-- Tomcat 8.5.11
-
### IDEA
- `git clone https://github.com/JoyChou93/java-sec-code`
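Review bot: The `### Docker` section is removed, but the run-method list ending in the context lines `- Tomcat` and `- JAR` is not touched by this hunk, so any Docker entry in that list would now point at a section that no longer exists; remove it in the same change. The IDEA step kept as context also still tells readers to `git clone https://github.com/JoyChou93/java-sec-code`, which is the upstream repository rather than this fork with the changes the new introduction describes.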
@@ -181,16 +164,3 @@ joychou/joychou123
Tomcat默认JSESSION会话有效时间为30分钟,所以30分钟不操作会话将过期。为了解决这一问题,引入rememberMe功能,默认过期时间为2周。
-## 贡献者
-
-核心开发者: [JoyChou](https://github.com/JoyChou93).其他开发者:[lightless](https://github.com/lightless233), [Anemone95](https://github.com/Anemone95)。欢迎各位提交PR。
-
-## 捐赠
-
-如果你喜欢这个项目,你可以捐款来支持我。 有了你的支持,我将能够更好地制作`Java sec code`项目。
-
-### Alipay
-
-扫描支付宝二维码支持`Java sec code`。
-
-
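Review bot: Removing `## 贡献者` deletes the credit to the upstream developers (JoyChou, lightless, Anemone95) and leaves the `原文地址` link added in the first hunk as the only attribution; keep the list or replace it with an explicit acknowledgement of the original authors. Dropping `## 捐赠` is reasonable for a fork. The commit message does not mention that the Docker, contributor and donation sections are removed, so it should be expanded to list them.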
From 406b75afe8a815246c8a76c8f614f8fad41f3a9e Mon Sep 17 00:00:00 2001
From: godzeo <64398024+godzeo@users.noreply.github.com>
Date: Sun, 2 Aug 2020 20:15:27 +0800
Subject: [PATCH 3/3] Rename README_zh.md to README.md
---
README_zh.md => README.md | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename README_zh.md => README.md (100%)
diff --git a/README_zh.md b/README.md
similarity index 100%
rename from README_zh.md
rename to README.md