From 378a2f2e002f3ae1a01fcbc90af3db7533b50752 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 29 Dec 2022 12:50:12 +0800 Subject: [PATCH 01/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 2 ++ 1 file changed, 2 insertions(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index d230a63..49fb0c7 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -230,3 +230,5 @@ + 2022/12/28 [溯源实例-从OA到某信源RCE全0day渗透](https://mp.weixin.qq.com/s?__biz=Mzg5OTY2NjUxMw==&mid=2247502698&idx=1&sn=5bfb3124ea5e6dde0f75a16dcc0281c7&chksm=c04d4c54f73ac54284ab70eb074cca632f177ce7af61440cf6a9a47ac17b01ad9a105d6b14e0&subscene=236&key=65a52f471bc41d13b06f820a346368bbb4e4f5342b20850e7a77c8224a338af9d3257d5f4d1f771946ff2bde8a2de3838ef166f262aa3a96f7cae7c3b2581ca8a81e130ac03a98e20269c21b3c4388ce02a40367460b5486fa035d58e7973f7e0119cab28b07861b0c03315d5c1285da188ec1b0bfbe37e35ee05af34397a18e&ascene=7&uin=ODYyODE3NzI1&devicetype=Windows+10+x64&version=6308011a&lang=zh_CN&exportkey=n_ChQIAhIQp5liK4%2FGWZqVL2Un7OelRxLgAQIE97dBBAEAAAAAAG3xIKrEpowAAAAOpnltbLcz9gKNyK89dVj01MV50uZ2yoWxvdVPBS6nWl9mhSxXxZU6TC1EzeR8twNAtjlPlR%2BlkVNUUWtnUyuEkRgAsssOTDpaTQW1DGrprZEvTAgVXo3NoSI2Wz%2F9eScz2ACkvqF2rDsjp7WCVYF2Hl06xyJpJrlMNtn8AFjdPRh2352Y5klVxQ7BEtppP0ymCCSvNXigWUp5r1efdCEt6C7IMr12jsU4QaBGzmIASwIwdPunj6oeyeww%2B27Awg4kpvYKMBxgCZR9&acctmode=0&pass_ticket=BZXHTJB745OK74KYAukYaeZngdGnH8T2IaWh7T7wSCXlPlkLM%2FrS4cixsrs5q4hv2Q3obpsbuOUcPLpKfDhtHA%3D%3D&wx_header=1&fontgear=2) **不错** + 2022/12/28 [Android 远程攻击面——WebView 
攻防](https://mp.weixin.qq.com/s?__biz=MzI0Njg4NzE3MQ==&mid=2247490611&idx=1&sn=837678e428d46cddf588c8d6fc8b7dfd&chksm=e9b93a5fdeceb349357bd2cdb290ae1c31e8e63b8f3c793ee24780fb5af9b68f95812ead9f13&subscene=236&key=fe7e74d3eacd7a65828a0ce0e318fdea2e2ccd9e009a21e3e4624d8991854c06c5b6cae849bc9e4e44533463ae99a2c32dc7b3d3d085a0504aa762fdf7d10e650e04f312a4af452e290c74eb09aa3b920b4d755383b4656815d50939776dae2b1a3708ed2dc80b61f0cb947562edf2c404fdbf88353b3da1a1ce7c0bb1e146b5&ascene=7&uin=ODYyODE3NzI1&devicetype=Windows+10+x64&version=6308011a&lang=zh_CN&exportkey=n_ChQIAhIQkmMc3S%2BR4POkBz6WNBhgzhLgAQIE97dBBAEAAAAAAEt1Ay0JAV0AAAAOpnltbLcz9gKNyK89dVj0%2FvvQaNijZxhY4D5kpMxru76EYhQ6ux%2BmNJ7Yb0mAhoiwczAd6gUnkS6geo44uTYsLTCJdvSqGoJm%2BSlQc7QOaLOYE7M4J2tjl7BZZd1SDJly%2BY2r5Z%2FYGl80IKiMXYWDnQW8ghg2yu5p9x%2FqI7W0SMnmoSXYuSbFfwfBjlYDoTdQvk3PQ1qnRsRkwmFqr335CD7pLQeFal3FiaJ3JYIC%2BC8Rk6r9DGhatU5IRLe8o2EevyG35KnmpqW8&acctmode=0&pass_ticket=BZXHTJB745OK74KYAukYaeZngdGnH8T2IaWh7T7wSCU9NSOr5Ca%2Bl68ysc6dTAsgsjjNjYJt%2BpYHw6rW7dB9ag%3D%3D&wx_header=1&fontgear=2) **之后说不定遇到学习** + 2022/12/28 [CVE-2022-08475-DirtyPipe](https://mp.weixin.qq.com/s/irugqDGx3OdZylcSGlMfZg) **学习** ++ 2022/12/29 [SpringBoot 过滤器、拦截器、监听器对比及使用场景](https://mp.weixin.qq.com/s?__biz=MzU4MDUyMDQyNQ==&mid=2247512806&idx=1&sn=318c6db2e1d16c5d9521ce9b9a2fb2ac&chksm=fd576260ca20eb76728e35c1f117aa1d061c1bb018bed5f9395ca8bb44aa86acae73d0320371&mpshare=1&scene=23&srcid=122980IZlDnN4Gzh8Mca6QxM&sharer_sharetime=1672286098025&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) ++ 2022/12/29 [看图识WAF-搜集常见WAF拦截页面](https://mp.weixin.qq.com/s?__biz=MzU1NjgzOTAyMg==&mid=2247505571&idx=2&sn=455e76881cf5f069527c3ca6848093fe&chksm=fc3c6fa2cb4be6b4f6aaa14d3d927daa243ea5097f380f85feab844eb617a5d720372275fedb&mpshare=1&scene=23&srcid=1229yAzgrWljKcryXoK9hoVh&sharer_sharetime=1672281327599&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **收集学习** From 915aa84993cf6fa5b3aa5a9818e93b468b7b008f Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 2 Jan 2023 00:20:16 +0800 Subject: [PATCH 02/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 3 +++ 1 file changed, 3 insertions(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 49fb0c7..603f323 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -232,3 +232,6 @@ + 2022/12/28 [CVE-2022-08475-DirtyPipe](https://mp.weixin.qq.com/s/irugqDGx3OdZylcSGlMfZg) **学习** + 2022/12/29 [SpringBoot 过滤器、拦截器、监听器对比及使用场景](https://mp.weixin.qq.com/s?__biz=MzU4MDUyMDQyNQ==&mid=2247512806&idx=1&sn=318c6db2e1d16c5d9521ce9b9a2fb2ac&chksm=fd576260ca20eb76728e35c1f117aa1d061c1bb018bed5f9395ca8bb44aa86acae73d0320371&mpshare=1&scene=23&srcid=122980IZlDnN4Gzh8Mca6QxM&sharer_sharetime=1672286098025&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2022/12/29 [看图识WAF-搜集常见WAF拦截页面](https://mp.weixin.qq.com/s?__biz=MzU1NjgzOTAyMg==&mid=2247505571&idx=2&sn=455e76881cf5f069527c3ca6848093fe&chksm=fc3c6fa2cb4be6b4f6aaa14d3d927daa243ea5097f380f85feab844eb617a5d720372275fedb&mpshare=1&scene=23&srcid=1229yAzgrWljKcryXoK9hoVh&sharer_sharetime=1672281327599&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **收集学习** + +## 2023 ++ 2023/01/01 [一文详解|如何写出优雅的代码](https://developer.aliyun.com/article/1117703) **新年第一篇 冲冲冲!!!!!** From 7f0ca5f8a3fb33ddf178cf4032d9cf6e75eb3044 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 2 Jan 2023 00:22:21 +0800 Subject: [PATCH 03/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 603f323..a28942e 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -232,6 +232,7 @@ + 2022/12/28 [CVE-2022-08475-DirtyPipe](https://mp.weixin.qq.com/s/irugqDGx3OdZylcSGlMfZg) **学习** + 2022/12/29 [SpringBoot 过滤器、拦截器、监听器对比及使用场景](https://mp.weixin.qq.com/s?__biz=MzU4MDUyMDQyNQ==&mid=2247512806&idx=1&sn=318c6db2e1d16c5d9521ce9b9a2fb2ac&chksm=fd576260ca20eb76728e35c1f117aa1d061c1bb018bed5f9395ca8bb44aa86acae73d0320371&mpshare=1&scene=23&srcid=122980IZlDnN4Gzh8Mca6QxM&sharer_sharetime=1672286098025&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2022/12/29 [看图识WAF-搜集常见WAF拦截页面](https://mp.weixin.qq.com/s?__biz=MzU1NjgzOTAyMg==&mid=2247505571&idx=2&sn=455e76881cf5f069527c3ca6848093fe&chksm=fc3c6fa2cb4be6b4f6aaa14d3d927daa243ea5097f380f85feab844eb617a5d720372275fedb&mpshare=1&scene=23&srcid=1229yAzgrWljKcryXoK9hoVh&sharer_sharetime=1672281327599&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **收集学习** ++ 2022/12/31 嗯其实没有看什么文章主要是在写代码,还是假装记录一下。新年快乐!!! ## 2023 + 2023/01/01 [一文详解|如何写出优雅的代码](https://developer.aliyun.com/article/1117703) **新年第一篇 冲冲冲!!!!!** From 8e0db0695dc943634bea02e9063ed249f550d5c0 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 2 Jan 2023 19:07:54 +0800 Subject: [PATCH 04/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index a28942e..db8701a 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -236,3 +236,4 @@ ## 2023 + 2023/01/01 [一文详解|如何写出优雅的代码](https://developer.aliyun.com/article/1117703) **新年第一篇 冲冲冲!!!!!** ++ 2023/01/02 [华为云CTF cloud非预期解之k8s渗透实战](https://annevi.cn/2020/12/21/%e5%8d%8e%e4%b8%ba%e4%ba%91ctf-cloud%e9%9d%9e%e9%a2%84%e6%9c%9f%e8%a7%a3%e4%b9%8bk8s%e6%b8%97%e9%80%8f%e5%ae%9e%e6%88%98/) **学习** From 3c6df7884f3ddf7dfccc922265c17a8e53725064 Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 4 Jan 2023 15:37:54 +0800 Subject: [PATCH 05/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index db8701a..dd3a96a 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -237,3 +237,4 @@ ## 2023 + 2023/01/01 [一文详解|如何写出优雅的代码](https://developer.aliyun.com/article/1117703) **新年第一篇 冲冲冲!!!!!** + 2023/01/02 [华为云CTF cloud非预期解之k8s渗透实战](https://annevi.cn/2020/12/21/%e5%8d%8e%e4%b8%ba%e4%ba%91ctf-cloud%e9%9d%9e%e9%a2%84%e6%9c%9f%e8%a7%a3%e4%b9%8bk8s%e6%b8%97%e9%80%8f%e5%ae%9e%e6%88%98/) **学习** ++ 2023/01/04 [Soot 静态分析框架(五)Annotation 的实现](https://blog.csdn.net/raintungli/article/details/102634829) **soot中存在api直接调用注解信息** From 027907f5030360b5a5931aa76146f86673d4b566 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 8 Jan 2023 12:58:13 +0800 Subject: [PATCH 06/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index dd3a96a..6abcd75 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -238,3 +238,4 @@ + 2023/01/01 [一文详解|如何写出优雅的代码](https://developer.aliyun.com/article/1117703) **新年第一篇 冲冲冲!!!!!** + 2023/01/02 [华为云CTF cloud非预期解之k8s渗透实战](https://annevi.cn/2020/12/21/%e5%8d%8e%e4%b8%ba%e4%ba%91ctf-cloud%e9%9d%9e%e9%a2%84%e6%9c%9f%e8%a7%a3%e4%b9%8bk8s%e6%b8%97%e9%80%8f%e5%ae%9e%e6%88%98/) **学习** + 2023/01/04 [Soot 静态分析框架(五)Annotation 的实现](https://blog.csdn.net/raintungli/article/details/102634829) **soot中存在api直接调用注解信息** ++ 2023/01/08 [浅谈Nacos漏洞之超管权限后续利用](https://mp.weixin.qq.com/s?__biz=MzkxNDAyNTY2NA==&mid=2247495724&idx=2&sn=dcc0629faaf7379bba94a34937db3358&chksm=c1760d83f6018495787c8c4e747f2507ae50ffc7d3fb318ac45892dd1b216b70e942b74259e1&mpshare=1&scene=23&srcid=0107IDEenH2fh5g0656NUtgL&sharer_sharetime=1673107217827&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) From 4ffc6062320dfec42e32b3cd4c2085057a8da64c Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 8 Jan 2023 15:36:02 +0800 Subject: [PATCH 07/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 6abcd75..b00662c 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -239,3 +239,4 @@ + 2023/01/02 [华为云CTF cloud非预期解之k8s渗透实战](https://annevi.cn/2020/12/21/%e5%8d%8e%e4%b8%ba%e4%ba%91ctf-cloud%e9%9d%9e%e9%a2%84%e6%9c%9f%e8%a7%a3%e4%b9%8bk8s%e6%b8%97%e9%80%8f%e5%ae%9e%e6%88%98/) **学习** + 2023/01/04 [Soot 静态分析框架(五)Annotation 的实现](https://blog.csdn.net/raintungli/article/details/102634829) **soot中存在api直接调用注解信息** + 2023/01/08 [浅谈Nacos漏洞之超管权限后续利用](https://mp.weixin.qq.com/s?__biz=MzkxNDAyNTY2NA==&mid=2247495724&idx=2&sn=dcc0629faaf7379bba94a34937db3358&chksm=c1760d83f6018495787c8c4e747f2507ae50ffc7d3fb318ac45892dd1b216b70e942b74259e1&mpshare=1&scene=23&srcid=0107IDEenH2fh5g0656NUtgL&sharer_sharetime=1673107217827&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) ++ 2023/01/08 [【Java 代码审计入门-06】文件包含漏洞原理与实际案例介绍](https://www.cnpanda.net/codeaudit/1037.html) From 3447aabfc31e1387637e5714a78ba6d6921f1fc6 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 8 Jan 2023 22:06:36 +0800 Subject: [PATCH 08/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index b00662c..5eac817 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -240,3 +240,4 @@ + 2023/01/04 [Soot 静态分析框架(五)Annotation 的实现](https://blog.csdn.net/raintungli/article/details/102634829) **soot中存在api直接调用注解信息** + 2023/01/08 [浅谈Nacos漏洞之超管权限后续利用](https://mp.weixin.qq.com/s?__biz=MzkxNDAyNTY2NA==&mid=2247495724&idx=2&sn=dcc0629faaf7379bba94a34937db3358&chksm=c1760d83f6018495787c8c4e747f2507ae50ffc7d3fb318ac45892dd1b216b70e942b74259e1&mpshare=1&scene=23&srcid=0107IDEenH2fh5g0656NUtgL&sharer_sharetime=1673107217827&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/01/08 [【Java 代码审计入门-06】文件包含漏洞原理与实际案例介绍](https://www.cnpanda.net/codeaudit/1037.html) ++ 2023/01/08 [第45篇:weblogic反序列化漏洞绕waf方法总结,2017-10271与2019-2725漏洞绕waf防护](https://mp.weixin.qq.com/s/8hUYRYoAqjthqgBI_zn9ZA) **weblogic中可以使用编码绕过** From a47eca2bf38bf0fe3859626c0d1b6aa69d0a8986 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 9 Jan 2023 19:25:40 +0800 Subject: [PATCH 09/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 5eac817..42c3703 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -241,3 +241,4 @@ + 2023/01/08 [浅谈Nacos漏洞之超管权限后续利用](https://mp.weixin.qq.com/s?__biz=MzkxNDAyNTY2NA==&mid=2247495724&idx=2&sn=dcc0629faaf7379bba94a34937db3358&chksm=c1760d83f6018495787c8c4e747f2507ae50ffc7d3fb318ac45892dd1b216b70e942b74259e1&mpshare=1&scene=23&srcid=0107IDEenH2fh5g0656NUtgL&sharer_sharetime=1673107217827&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/01/08 [【Java 代码审计入门-06】文件包含漏洞原理与实际案例介绍](https://www.cnpanda.net/codeaudit/1037.html) + 2023/01/08 [第45篇:weblogic反序列化漏洞绕waf方法总结,2017-10271与2019-2725漏洞绕waf防护](https://mp.weixin.qq.com/s/8hUYRYoAqjthqgBI_zn9ZA) **weblogic中可以使用编码绕过** ++ 2023/01/09 [调教某数字杀软,权限维持so easy](https://mp.weixin.qq.com/s/IYGon3X4-cQwnwwb1WZWww) **现在还看不懂!** 
From 492fea085d8fc25314e9f6842c0b06defb20156f Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 9 Jan 2023 19:31:44 +0800 Subject: [PATCH 10/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 42c3703..92a0bac 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -242,3 +242,4 @@ + 2023/01/08 [【Java 代码审计入门-06】文件包含漏洞原理与实际案例介绍](https://www.cnpanda.net/codeaudit/1037.html) + 2023/01/08 [第45篇:weblogic反序列化漏洞绕waf方法总结,2017-10271与2019-2725漏洞绕waf防护](https://mp.weixin.qq.com/s/8hUYRYoAqjthqgBI_zn9ZA) **weblogic中可以使用编码绕过** + 2023/01/09 [调教某数字杀软,权限维持so easy](https://mp.weixin.qq.com/s/IYGon3X4-cQwnwwb1WZWww) **现在还看不懂!** ++ 2023/01/09 [玩转CodeQLpy之代码审计实战案例](https://mp.weixin.qq.com/s?__biz=MzkzNjMxNDM0Mg==&mid=2247485587&idx=1&sn=70b400682976cf82fc1d41fceba7e76e&chksm=c2a1dc1af5d6550c7b5b19b8810ede0bb920c7dad168ac3db3c9cbedfc6e2d4b29a3b42144e6&mpshare=1&scene=23&srcid=01064grkrTL43aUSw4HyhlEh&sharer_sharetime=1673004615548&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **可以试一试自己的VI能不能扫描出来** From 7b5746db08c0ff9e249a5211751cc8a0ddd137d5 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 10 Jan 2023 13:07:24 +0800 Subject: [PATCH 11/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 92a0bac..c244a14 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -243,3 +243,4 @@ + 2023/01/08 [第45篇:weblogic反序列化漏洞绕waf方法总结,2017-10271与2019-2725漏洞绕waf防护](https://mp.weixin.qq.com/s/8hUYRYoAqjthqgBI_zn9ZA) **weblogic中可以使用编码绕过** + 2023/01/09 [调教某数字杀软,权限维持so easy](https://mp.weixin.qq.com/s/IYGon3X4-cQwnwwb1WZWww) **现在还看不懂!** + 2023/01/09 [玩转CodeQLpy之代码审计实战案例](https://mp.weixin.qq.com/s?__biz=MzkzNjMxNDM0Mg==&mid=2247485587&idx=1&sn=70b400682976cf82fc1d41fceba7e76e&chksm=c2a1dc1af5d6550c7b5b19b8810ede0bb920c7dad168ac3db3c9cbedfc6e2d4b29a3b42144e6&mpshare=1&scene=23&srcid=01064grkrTL43aUSw4HyhlEh&sharer_sharetime=1673004615548&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **可以试一试自己的VI能不能扫描出来** ++ 2023/01/10 [为什么你抓不到baidu的数据](https://mp.weixin.qq.com/s?__biz=MzUzNTY5MzU2MA==&mid=2247497288&idx=1&sn=1d634021528643c2f71e7cbf4dd7a0f7&chksm=fa8327dfcdf4aec9f798046e38ed5918d2df937c1ba7b7729c08e31b4c5c23cd13023c1c08f6&mpshare=1&scene=23&srcid=0110jBzdFMNuglOyMZh5teWu&sharer_sharetime=1673322185390&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **好牛皮啊** From 48388de1dd14e9ed247b7479091471ab5a2ffdb3 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 10 Jan 2023 15:00:27 +0800 Subject: [PATCH 12/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index c244a14..2db8cc4 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -244,3 +244,4 @@ + 2023/01/09 [调教某数字杀软,权限维持so easy](https://mp.weixin.qq.com/s/IYGon3X4-cQwnwwb1WZWww) **现在还看不懂!** + 2023/01/09 [玩转CodeQLpy之代码审计实战案例](https://mp.weixin.qq.com/s?__biz=MzkzNjMxNDM0Mg==&mid=2247485587&idx=1&sn=70b400682976cf82fc1d41fceba7e76e&chksm=c2a1dc1af5d6550c7b5b19b8810ede0bb920c7dad168ac3db3c9cbedfc6e2d4b29a3b42144e6&mpshare=1&scene=23&srcid=01064grkrTL43aUSw4HyhlEh&sharer_sharetime=1673004615548&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **可以试一试自己的VI能不能扫描出来** + 2023/01/10 [为什么你抓不到baidu的数据](https://mp.weixin.qq.com/s?__biz=MzUzNTY5MzU2MA==&mid=2247497288&idx=1&sn=1d634021528643c2f71e7cbf4dd7a0f7&chksm=fa8327dfcdf4aec9f798046e38ed5918d2df937c1ba7b7729c08e31b4c5c23cd13023c1c08f6&mpshare=1&scene=23&srcid=0110jBzdFMNuglOyMZh5teWu&sharer_sharetime=1673322185390&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **好牛皮啊** ++ 2023/01/10 [EL表达式支持Lambda](http://aducode.github.io/posts/2015-07-14/hook_tomcat_el_expression.html) **np** From 29282c0611bcaac3f9a68f98850115175f842c82 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:57:19 +0800 Subject: [PATCH 13/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 2db8cc4..55dbdf9 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -245,3 +245,4 @@ + 2023/01/09 [玩转CodeQLpy之代码审计实战案例](https://mp.weixin.qq.com/s?__biz=MzkzNjMxNDM0Mg==&mid=2247485587&idx=1&sn=70b400682976cf82fc1d41fceba7e76e&chksm=c2a1dc1af5d6550c7b5b19b8810ede0bb920c7dad168ac3db3c9cbedfc6e2d4b29a3b42144e6&mpshare=1&scene=23&srcid=01064grkrTL43aUSw4HyhlEh&sharer_sharetime=1673004615548&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **可以试一试自己的VI能不能扫描出来** + 2023/01/10 [为什么你抓不到baidu的数据](https://mp.weixin.qq.com/s?__biz=MzUzNTY5MzU2MA==&mid=2247497288&idx=1&sn=1d634021528643c2f71e7cbf4dd7a0f7&chksm=fa8327dfcdf4aec9f798046e38ed5918d2df937c1ba7b7729c08e31b4c5c23cd13023c1c08f6&mpshare=1&scene=23&srcid=0110jBzdFMNuglOyMZh5teWu&sharer_sharetime=1673322185390&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **好牛皮啊** + 2023/01/10 [EL表达式支持Lambda](http://aducode.github.io/posts/2015-07-14/hook_tomcat_el_expression.html) **np** ++ 2023/01/10 [HashSet 对象去重复处理](https://blog.csdn.net/wangjie1616/article/details/78416551) **去除重复的对象也可以使用commons.lang这个包来判断** From ca66b589a30f06cee34ec0dac038910dfaf92ca7 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 11 Jan 2023 13:33:12 +0800 Subject: [PATCH 14/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 55dbdf9..bf7acba 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -246,3 +246,4 @@ + 2023/01/10 [为什么你抓不到baidu的数据](https://mp.weixin.qq.com/s?__biz=MzUzNTY5MzU2MA==&mid=2247497288&idx=1&sn=1d634021528643c2f71e7cbf4dd7a0f7&chksm=fa8327dfcdf4aec9f798046e38ed5918d2df937c1ba7b7729c08e31b4c5c23cd13023c1c08f6&mpshare=1&scene=23&srcid=0110jBzdFMNuglOyMZh5teWu&sharer_sharetime=1673322185390&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **好牛皮啊** + 2023/01/10 [EL表达式支持Lambda](http://aducode.github.io/posts/2015-07-14/hook_tomcat_el_expression.html) **np** + 2023/01/10 [HashSet 对象去重复处理](https://blog.csdn.net/wangjie1616/article/details/78416551) **去除重复的对象也可以使用commons.lang这个包来判断** ++ 2023/01/11 [burp自定义解密数据插件](https://mp.weixin.qq.com/s/B-lBbVpJsPdCp1pjz2Rxdg) From 9593ba940a081aaeec14cea2c7063106a0f5e9e7 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 11 Jan 2023 13:36:36 +0800 Subject: [PATCH 15/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index bf7acba..1d481af 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -246,4 +246,4 @@ + 2023/01/10 [为什么你抓不到baidu的数据](https://mp.weixin.qq.com/s?__biz=MzUzNTY5MzU2MA==&mid=2247497288&idx=1&sn=1d634021528643c2f71e7cbf4dd7a0f7&chksm=fa8327dfcdf4aec9f798046e38ed5918d2df937c1ba7b7729c08e31b4c5c23cd13023c1c08f6&mpshare=1&scene=23&srcid=0110jBzdFMNuglOyMZh5teWu&sharer_sharetime=1673322185390&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **好牛皮啊** + 2023/01/10 [EL表达式支持Lambda](http://aducode.github.io/posts/2015-07-14/hook_tomcat_el_expression.html) **np** + 2023/01/10 [HashSet 对象去重复处理](https://blog.csdn.net/wangjie1616/article/details/78416551) **去除重复的对象也可以使用commons.lang这个包来判断** -+ 2023/01/11 [burp自定义解密数据插件](https://mp.weixin.qq.com/s/B-lBbVpJsPdCp1pjz2Rxdg) ++ 2023/01/11 [burp自定义解密数据插件](https://mp.weixin.qq.com/s/B-lBbVpJsPdCp1pjz2Rxdg) [某app测试](https://mp.weixin.qq.com/s/_7wSWy0gIMMZmVeOtFgdsw) From 79776e236d7469e433b800ec4169ed1815ccb570 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 13 Jan 2023 20:45:41 +0800 Subject: [PATCH 16/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 1d481af..5cd40c4 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -247,3 +247,4 @@ + 2023/01/10 [EL表达式支持Lambda](http://aducode.github.io/posts/2015-07-14/hook_tomcat_el_expression.html) **np** + 2023/01/10 [HashSet 对象去重复处理](https://blog.csdn.net/wangjie1616/article/details/78416551) **去除重复的对象也可以使用commons.lang这个包来判断** + 2023/01/11 [burp自定义解密数据插件](https://mp.weixin.qq.com/s/B-lBbVpJsPdCp1pjz2Rxdg) [某app测试](https://mp.weixin.qq.com/s/_7wSWy0gIMMZmVeOtFgdsw) ++ 2023/01/13 [JVM Shellcode注入探索](https://mp.weixin.qq.com/s/5mK4twhCLtbiHdO0VZrX1A) **np** From d26fd31e43c6986fb6450f6e247b21cff20efcd1 Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sat, 14 Jan 2023 13:35:29 +0800 Subject: [PATCH 17/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 5cd40c4..fa856a2 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -248,3 +248,4 @@ + 2023/01/10 [HashSet 对象去重复处理](https://blog.csdn.net/wangjie1616/article/details/78416551) **去除重复的对象也可以使用commons.lang这个包来判断** + 2023/01/11 [burp自定义解密数据插件](https://mp.weixin.qq.com/s/B-lBbVpJsPdCp1pjz2Rxdg) [某app测试](https://mp.weixin.qq.com/s/_7wSWy0gIMMZmVeOtFgdsw) + 2023/01/13 [JVM Shellcode注入探索](https://mp.weixin.qq.com/s/5mK4twhCLtbiHdO0VZrX1A) **np** ++ 2023/01/14 [第46篇:伊朗APT组织入侵美国政府内网全过程揭秘(上篇)](https://mp.weixin.qq.com/s/LarjLeYFqDQh7I0jpFZwHA) From 191e6674e4a3993acc1a01c8081712e70ee10d2a Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 16 Jan 2023 22:15:51 +0800 Subject: [PATCH 18/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index fa856a2..3606571 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -249,3 +249,4 @@ + 2023/01/11 [burp自定义解密数据插件](https://mp.weixin.qq.com/s/B-lBbVpJsPdCp1pjz2Rxdg) [某app测试](https://mp.weixin.qq.com/s/_7wSWy0gIMMZmVeOtFgdsw) + 2023/01/13 [JVM Shellcode注入探索](https://mp.weixin.qq.com/s/5mK4twhCLtbiHdO0VZrX1A) **np** + 2023/01/14 [第46篇:伊朗APT组织入侵美国政府内网全过程揭秘(上篇)](https://mp.weixin.qq.com/s/LarjLeYFqDQh7I0jpFZwHA) ++ 2023/01/16 [Hacking Redis for fun and CTF points,redis的利用](https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1) **npnp** 
From 1be80eadba1f76a4eb84f4abf2b07e5696500e67 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 17 Jan 2023 20:44:55 +0800 Subject: [PATCH 19/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 3606571..c207098 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -250,3 +250,4 @@ + 2023/01/13 [JVM Shellcode注入探索](https://mp.weixin.qq.com/s/5mK4twhCLtbiHdO0VZrX1A) **np** + 2023/01/14 [第46篇:伊朗APT组织入侵美国政府内网全过程揭秘(上篇)](https://mp.weixin.qq.com/s/LarjLeYFqDQh7I0jpFZwHA) + 2023/01/16 [Hacking Redis for fun and CTF points,redis的利用](https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1) **npnp** ++ 2023/01/17 [第47篇:ATT&CK矩阵攻击链分析-伊朗APT入侵美国政府内网(中篇)](https://mp.weixin.qq.com/s/vLBupn8etY1rvcgHmLNbIw) From 67c2289b0cb2eb372d11a8e329ed26d38e1db2a7 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 17 Jan 2023 20:50:12 +0800 Subject: [PATCH 20/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index c207098..ff05aa6 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -251,3 +251,4 @@ + 2023/01/14 [第46篇:伊朗APT组织入侵美国政府内网全过程揭秘(上篇)](https://mp.weixin.qq.com/s/LarjLeYFqDQh7I0jpFZwHA) + 2023/01/16 [Hacking Redis for fun and CTF points,redis的利用](https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1) **npnp** + 2023/01/17 [第47篇:ATT&CK矩阵攻击链分析-伊朗APT入侵美国政府内网(中篇)](https://mp.weixin.qq.com/s/vLBupn8etY1rvcgHmLNbIw) ++ 2023/01/17 [玩转CodeQLpy之用友GRP-U8漏洞挖掘](https://mp.weixin.qq.com/s/hYPdNN6skbikC3FFYRlbrQ) **可以尝试用vi跑一下** 
From cc0aabe127367c713599492f11724ee386d0a750 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 17 Jan 2023 21:24:24 +0800 Subject: [PATCH 21/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index ff05aa6..d65ef33 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -252,3 +252,4 @@ + 2023/01/16 [Hacking Redis for fun and CTF points,redis的利用](https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1) **npnp** + 2023/01/17 [第47篇:ATT&CK矩阵攻击链分析-伊朗APT入侵美国政府内网(中篇)](https://mp.weixin.qq.com/s/vLBupn8etY1rvcgHmLNbIw) + 2023/01/17 [玩转CodeQLpy之用友GRP-U8漏洞挖掘](https://mp.weixin.qq.com/s/hYPdNN6skbikC3FFYRlbrQ) **可以尝试用vi跑一下** ++ 2023/01/17 [JDK-Xalan的XSLT整数截断漏洞利用构造](https://mp.weixin.qq.com/s?__biz=Mzg4MzY5NjIyMg==&mid=2247483755&idx=1&sn=4e9ae8be2a0950ecfe99281689001e06&chksm=cf42365af835bf4ceb041fdbbb108cffbfbef253f41d9197760e11f774749eeb1e721f070fd8&mpshare=1&scene=23&srcid=0117LLaambwHZZNnlAY1Pqnm&sharer_sharetime=1673954336737&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **np 学习** From ac0e8d7063b6359c970cb4ac945aaaf57a662d0c Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 17 Jan 2023 21:48:25 +0800 Subject: [PATCH 22/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index d65ef33..e6b61d1 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -253,3 +253,4 @@ + 2023/01/17 [第47篇:ATT&CK矩阵攻击链分析-伊朗APT入侵美国政府内网(中篇)](https://mp.weixin.qq.com/s/vLBupn8etY1rvcgHmLNbIw) + 2023/01/17 [玩转CodeQLpy之用友GRP-U8漏洞挖掘](https://mp.weixin.qq.com/s/hYPdNN6skbikC3FFYRlbrQ) **可以尝试用vi跑一下** + 2023/01/17 [JDK-Xalan的XSLT整数截断漏洞利用构造](https://mp.weixin.qq.com/s?__biz=Mzg4MzY5NjIyMg==&mid=2247483755&idx=1&sn=4e9ae8be2a0950ecfe99281689001e06&chksm=cf42365af835bf4ceb041fdbbb108cffbfbef253f41d9197760e11f774749eeb1e721f070fd8&mpshare=1&scene=23&srcid=0117LLaambwHZZNnlAY1Pqnm&sharer_sharetime=1673954336737&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **np 学习** ++ 2023/1/17 [XSLT 调用 Java 的类方法](https://yanbin.blog/xslt-call-java-method/) [XSLT Injection](https://vulncat.fortify.com/zh-cn/detail?id=desc.dataflow.java.xslt_injection) **xslt 命令执行** From ec1cb285491fd139f59d213a37d4345441ac661e Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 18 Jan 2023 11:20:02 +0800 Subject: [PATCH 23/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index e6b61d1..9768ff0 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -253,4 +253,5 @@ + 2023/01/17 [第47篇:ATT&CK矩阵攻击链分析-伊朗APT入侵美国政府内网(中篇)](https://mp.weixin.qq.com/s/vLBupn8etY1rvcgHmLNbIw) + 2023/01/17 [玩转CodeQLpy之用友GRP-U8漏洞挖掘](https://mp.weixin.qq.com/s/hYPdNN6skbikC3FFYRlbrQ) **可以尝试用vi跑一下** + 2023/01/17 [JDK-Xalan的XSLT整数截断漏洞利用构造](https://mp.weixin.qq.com/s?__biz=Mzg4MzY5NjIyMg==&mid=2247483755&idx=1&sn=4e9ae8be2a0950ecfe99281689001e06&chksm=cf42365af835bf4ceb041fdbbb108cffbfbef253f41d9197760e11f774749eeb1e721f070fd8&mpshare=1&scene=23&srcid=0117LLaambwHZZNnlAY1Pqnm&sharer_sharetime=1673954336737&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **np 学习** -+ 2023/1/17 [XSLT 调用 Java 的类方法](https://yanbin.blog/xslt-call-java-method/) [XSLT Injection](https://vulncat.fortify.com/zh-cn/detail?id=desc.dataflow.java.xslt_injection) **xslt 命令执行** ++ 2023/01/17 [XSLT 调用 Java 的类方法](https://yanbin.blog/xslt-call-java-method/) [XSLT Injection](https://vulncat.fortify.com/zh-cn/detail?id=desc.dataflow.java.xslt_injection) **xslt 命令执行** ++ 2023/01/18 [从“假漏洞”到“不忘初心”](https://mp.weixin.qq.com/s?__biz=Mzg5OTU1NTEwMg==&mid=2247483948&idx=1&sn=f4a1cbe8131ce0812714fda95147bc79&chksm=c050c85df727414bb25fb90e52edf81bc1d2ae6222cc29d54d4e810537e0c83bf579958a3e4c&mpshare=1&scene=23&srcid=0117ma1Ywz1TACmdsaaIMMTP&sharer_sharetime=1674008997482&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) From 1fc5c76155b9aeb97473377980dc3a810f1a34c4 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 19 Jan 2023 11:49:29 +0800 Subject: [PATCH 24/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 9768ff0..4d61315 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -255,3 +255,4 @@ + 2023/01/17 [JDK-Xalan的XSLT整数截断漏洞利用构造](https://mp.weixin.qq.com/s?__biz=Mzg4MzY5NjIyMg==&mid=2247483755&idx=1&sn=4e9ae8be2a0950ecfe99281689001e06&chksm=cf42365af835bf4ceb041fdbbb108cffbfbef253f41d9197760e11f774749eeb1e721f070fd8&mpshare=1&scene=23&srcid=0117LLaambwHZZNnlAY1Pqnm&sharer_sharetime=1673954336737&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **np 学习** + 2023/01/17 [XSLT 调用 Java 的类方法](https://yanbin.blog/xslt-call-java-method/) [XSLT Injection](https://vulncat.fortify.com/zh-cn/detail?id=desc.dataflow.java.xslt_injection) **xslt 命令执行** + 2023/01/18 [从“假漏洞”到“不忘初心”](https://mp.weixin.qq.com/s?__biz=Mzg5OTU1NTEwMg==&mid=2247483948&idx=1&sn=f4a1cbe8131ce0812714fda95147bc79&chksm=c050c85df727414bb25fb90e52edf81bc1d2ae6222cc29d54d4e810537e0c83bf579958a3e4c&mpshare=1&scene=23&srcid=0117ma1Ywz1TACmdsaaIMMTP&sharer_sharetime=1674008997482&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) ++ 2023/01/19 [分享几个 IDEA 下 git 使用小技巧](https://www.bilibili.com/video/BV1yW4y1N7mR/?buvid=Y8497289E888F86F46BC91648B98C847C1AA&is_story_h5=false&mid=Rbxe%2Bk7llEVOThj%2FWkKmvQ%3D%3D&p=1&plat_id=116&share_from=ugc&share_medium=iphone&share_plat=ios&share_session_id=C5D45C2B-571E-4A34-8425-2082CA8630B3&share_source=QQ&share_tag=s_i×tamp=1674063016&unique_k=FWgBBSP&up_id=186408046) **确实有用** From 94b68f51ef75f2973710e5f90577f552895ee95c Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 19 Jan 2023 21:30:16 +0800 Subject: [PATCH 25/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 4d61315..db647b6 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -256,3 +256,4 @@ + 2023/01/17 [XSLT 调用 Java 的类方法](https://yanbin.blog/xslt-call-java-method/) [XSLT Injection](https://vulncat.fortify.com/zh-cn/detail?id=desc.dataflow.java.xslt_injection) **xslt 命令执行** + 2023/01/18 [从“假漏洞”到“不忘初心”](https://mp.weixin.qq.com/s?__biz=Mzg5OTU1NTEwMg==&mid=2247483948&idx=1&sn=f4a1cbe8131ce0812714fda95147bc79&chksm=c050c85df727414bb25fb90e52edf81bc1d2ae6222cc29d54d4e810537e0c83bf579958a3e4c&mpshare=1&scene=23&srcid=0117ma1Ywz1TACmdsaaIMMTP&sharer_sharetime=1674008997482&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/01/19 [分享几个 IDEA 下 git 使用小技巧](https://www.bilibili.com/video/BV1yW4y1N7mR/?buvid=Y8497289E888F86F46BC91648B98C847C1AA&is_story_h5=false&mid=Rbxe%2Bk7llEVOThj%2FWkKmvQ%3D%3D&p=1&plat_id=116&share_from=ugc&share_medium=iphone&share_plat=ios&share_session_id=C5D45C2B-571E-4A34-8425-2082CA8630B3&share_source=QQ&share_tag=s_i×tamp=1674063016&unique_k=FWgBBSP&up_id=186408046) **确实有用** ++ 2023/01/19 [CVE-2022-35741 Apache CloudStack SAML XXE注入](https://xz.aliyun.com/t/11600) **Apache CloudStack 云计算的东西国内没有看到过** From b3272af2213f62639a2bca057439f7f19d2969ee Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 19 Jan 2023 23:23:54 +0800 Subject: [PATCH 26/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index db647b6..c0dda1a 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -257,3 +257,4 @@ + 2023/01/18 [从“假漏洞”到“不忘初心”](https://mp.weixin.qq.com/s?__biz=Mzg5OTU1NTEwMg==&mid=2247483948&idx=1&sn=f4a1cbe8131ce0812714fda95147bc79&chksm=c050c85df727414bb25fb90e52edf81bc1d2ae6222cc29d54d4e810537e0c83bf579958a3e4c&mpshare=1&scene=23&srcid=0117ma1Ywz1TACmdsaaIMMTP&sharer_sharetime=1674008997482&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/01/19 [分享几个 IDEA 下 git 使用小技巧](https://www.bilibili.com/video/BV1yW4y1N7mR/?buvid=Y8497289E888F86F46BC91648B98C847C1AA&is_story_h5=false&mid=Rbxe%2Bk7llEVOThj%2FWkKmvQ%3D%3D&p=1&plat_id=116&share_from=ugc&share_medium=iphone&share_plat=ios&share_session_id=C5D45C2B-571E-4A34-8425-2082CA8630B3&share_source=QQ&share_tag=s_i×tamp=1674063016&unique_k=FWgBBSP&up_id=186408046) **确实有用** + 2023/01/19 [CVE-2022-35741 Apache CloudStack SAML XXE注入](https://xz.aliyun.com/t/11600) **Apache CloudStack 云计算的东西国内没有看到过** ++ 2023/01/19 [Xalan包在XXE问题中的坑](https://www.freebuf.com/vuls/238005.html) **之前就遇到了如果有xalan依赖的时候会导致xxe防御失去效果** From d3a20de2adfd2da8f2b9b9bec716fd7d01134ab2 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 23 Jan 2023 19:52:29 +0800 Subject: [PATCH 27/97] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index e2e39f6..907e11b 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,12 @@ + 2022/10/07 [添加JDK里面的trick](Jdk) 💛 💙 💜 ❤️ 💚 +## 知识星球 +该知识星球主要是分享java相关的安全知识,绝对精华.里面包含未开放的1day和0day等分享或武器化工具一发入魂 + +![image](https://user-images.githubusercontent.com/63966847/214033050-87bdd0f8-4982-4aac-b79d-a5b6d0f107b9.png) + + ## 代学习 From 44384ae543ee83a3e6304345b972046f895d49c8 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 29 Jan 2023 15:12:19 +0800 Subject: [PATCH 28/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) 
diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index c0dda1a..9f83a8d 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -258,3 +258,4 @@ + 2023/01/19 [分享几个 IDEA 下 git 使用小技巧](https://www.bilibili.com/video/BV1yW4y1N7mR/?buvid=Y8497289E888F86F46BC91648B98C847C1AA&is_story_h5=false&mid=Rbxe%2Bk7llEVOThj%2FWkKmvQ%3D%3D&p=1&plat_id=116&share_from=ugc&share_medium=iphone&share_plat=ios&share_session_id=C5D45C2B-571E-4A34-8425-2082CA8630B3&share_source=QQ&share_tag=s_i×tamp=1674063016&unique_k=FWgBBSP&up_id=186408046) **确实有用** + 2023/01/19 [CVE-2022-35741 Apache CloudStack SAML XXE注入](https://xz.aliyun.com/t/11600) **Apache CloudStack 云计算的东西国内没有看到过** + 2023/01/19 [Xalan包在XXE问题中的坑](https://www.freebuf.com/vuls/238005.html) **之前就遇到了如果有xalan依赖的时候会导致xxe防御失去效果** ++ 2023/01/29 [红队:IIS短文件名猜解在拿权限中的巧用](https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247491093&idx=1&sn=9ebedfadd4b86cbb319c085fdfbdaf1d&chksm=cea8f555f9df7c4370ab5efe4248c3ca144381556d6299c2e9ab1d83229a38ad82b208f70cb6&mpshare=1&scene=23&srcid=0128dKktHmtVydWzC2jEaQ44&sharer_sharetime=1674914927543&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **了解** From 4b605c634c1a23f2164c158a98e9f19dda10e911 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 29 Jan 2023 21:18:09 +0800 Subject: [PATCH 29/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 9f83a8d..2f83594 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -259,3 +259,4 @@ + 2023/01/19 [CVE-2022-35741 Apache CloudStack SAML XXE注入](https://xz.aliyun.com/t/11600) **Apache CloudStack 云计算的东西国内没有看到过** + 2023/01/19 [Xalan包在XXE问题中的坑](https://www.freebuf.com/vuls/238005.html) **之前就遇到了如果有xalan依赖的时候会导致xxe防御失去效果** + 2023/01/29 [红队:IIS短文件名猜解在拿权限中的巧用](https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247491093&idx=1&sn=9ebedfadd4b86cbb319c085fdfbdaf1d&chksm=cea8f555f9df7c4370ab5efe4248c3ca144381556d6299c2e9ab1d83229a38ad82b208f70cb6&mpshare=1&scene=23&srcid=0128dKktHmtVydWzC2jEaQ44&sharer_sharetime=1674914927543&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **了解** ++ 2023/01/29 [PHP Development Server <= 7.4.21 - Remote Source Disclosure](https://blog.projectdiscovery.io/php-http-server-source-disclosure/) **np** From 0437e1595880648d415a00c62d4d5ca3080316c7 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 29 Jan 2023 22:49:25 +0800 Subject: [PATCH 30/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 2f83594..458b7e4 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -260,3 +260,4 @@ + 2023/01/19 [Xalan包在XXE问题中的坑](https://www.freebuf.com/vuls/238005.html) **之前就遇到了如果有xalan依赖的时候会导致xxe防御失去效果** + 2023/01/29 [红队:IIS短文件名猜解在拿权限中的巧用](https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247491093&idx=1&sn=9ebedfadd4b86cbb319c085fdfbdaf1d&chksm=cea8f555f9df7c4370ab5efe4248c3ca144381556d6299c2e9ab1d83229a38ad82b208f70cb6&mpshare=1&scene=23&srcid=0128dKktHmtVydWzC2jEaQ44&sharer_sharetime=1674914927543&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **了解** + 2023/01/29 [PHP Development Server <= 7.4.21 - Remote Source Disclosure](https://blog.projectdiscovery.io/php-http-server-source-disclosure/) **np** ++ 2023/01/29 [Java Zip Slip漏洞案例分析及实战挖掘](https://xz.aliyun.com/t/12081) **主要是fix的代码可能有问题 一部分开发人员判断的是startwith** From d4f3e447859646d735c8f861ea6ab9da39f693d3 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:23:12 +0800 Subject: [PATCH 31/97] Update Readme.md --- shell/OGNL/Readme.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/shell/OGNL/Readme.md b/shell/OGNL/Readme.md index b09dfcf..9b83e7d 100644 --- a/shell/OGNL/Readme.md +++ b/shell/OGNL/Readme.md @@ -41,6 +41,9 @@ String bypass_sm_exp = "var str = Java.type('java.lang.String[]').class;" + >参考 >https://www.sec-in.com/article/753 >https://www.mi1k7ea.com/2020/03/16/OGNL%E8%A1%A8%E8%BE%BE%E5%BC%8F%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E6%80%BB%E7%BB%93/ +## Bypass + +https://github.blog/2023-01-27-bypassing-ognl-sandboxes-for-fun-and-charities/ ## mybatis 存在${}的ognl 参考2022的d3ctf ezsql From 9ca0f18f5e4982381bb8801c282bb8bf83182282 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:54:59 +0800 Subject: [PATCH 32/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) 
diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 458b7e4..6f2dab2 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -261,3 +261,4 @@ + 2023/01/29 [红队:IIS短文件名猜解在拿权限中的巧用](https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247491093&idx=1&sn=9ebedfadd4b86cbb319c085fdfbdaf1d&chksm=cea8f555f9df7c4370ab5efe4248c3ca144381556d6299c2e9ab1d83229a38ad82b208f70cb6&mpshare=1&scene=23&srcid=0128dKktHmtVydWzC2jEaQ44&sharer_sharetime=1674914927543&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **了解** + 2023/01/29 [PHP Development Server <= 7.4.21 - Remote Source Disclosure](https://blog.projectdiscovery.io/php-http-server-source-disclosure/) **np** + 2023/01/29 [Java Zip Slip漏洞案例分析及实战挖掘](https://xz.aliyun.com/t/12081) **主要是fix的代码可能有问题 一部分开发人员判断的是startwith** ++ 2023/01/30 [Docmosis Tornado的漏洞](https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html) From 0de7647bb752430b676cb3463695a02e22a25709 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 1 Feb 2023 12:04:32 +0800 Subject: [PATCH 33/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 6f2dab2..97cb930 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -262,3 +262,4 @@ + 2023/01/29 [PHP Development Server <= 7.4.21 - Remote Source Disclosure](https://blog.projectdiscovery.io/php-http-server-source-disclosure/) **np** + 2023/01/29 [Java Zip Slip漏洞案例分析及实战挖掘](https://xz.aliyun.com/t/12081) **主要是fix的代码可能有问题 一部分开发人员判断的是startwith** + 2023/01/30 [Docmosis Tornado的漏洞](https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html) ++ 2023/02/01 [Nginx 通过 Lua + Redis 实现动态封禁 IP](https://mp.weixin.qq.com/s/jjwTz53ks61cN5O3l8jHdw) 
From 34024c8050995e60f0eb8d54ac8ef14e5b783284 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 1 Feb 2023 19:14:22 +0800 Subject: [PATCH 34/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 97cb930..bbe8fa6 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -262,4 +262,5 @@ + 2023/01/29 [PHP Development Server <= 7.4.21 - Remote Source Disclosure](https://blog.projectdiscovery.io/php-http-server-source-disclosure/) **np** + 2023/01/29 [Java Zip Slip漏洞案例分析及实战挖掘](https://xz.aliyun.com/t/12081) **主要是fix的代码可能有问题 一部分开发人员判断的是startwith** + 2023/01/30 [Docmosis Tornado的漏洞](https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html) -+ 2023/02/01 [Nginx 通过 Lua + Redis 实现动态封禁 IP](https://mp.weixin.qq.com/s/jjwTz53ks61cN5O3l8jHdw) ++ 2023/02/01 [Nginx 通过 Lua + Redis 实现动态封禁 IP](https://mp.weixin.qq.com/s/jjwTz53ks61cN5O3l8jHdw) ++ 2023/02/01 [Redis常见利用方法](https://mp.weixin.qq.com/s/qQkiGO5wPs8no_BoK13tig) **可写/etc/passwd 替换,计划任务 centos可写/var/spool/cron/* ubuntu 写/etc/cron.d/* ** From 98d47619c28482ef86504e731e4eff8f8c45bc48 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 2 Feb 2023 20:28:03 +0800 Subject: [PATCH 35/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index bbe8fa6..20d2377 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -263,4 +263,5 @@ + 2023/01/29 [Java Zip Slip漏洞案例分析及实战挖掘](https://xz.aliyun.com/t/12081) **主要是fix的代码可能有问题 一部分开发人员判断的是startwith** + 2023/01/30 [Docmosis Tornado的漏洞](https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html) + 2023/02/01 [Nginx 通过 Lua + Redis 实现动态封禁 IP](https://mp.weixin.qq.com/s/jjwTz53ks61cN5O3l8jHdw) -+ 2023/02/01 [Redis常见利用方法](https://mp.weixin.qq.com/s/qQkiGO5wPs8no_BoK13tig) **可写/etc/passwd 替换,计划任务 centos可写/var/spool/cron/* ubuntu 写/etc/cron.d/* ** ++ 2023/02/01 [Redis常见利用方法](https://mp.weixin.qq.com/s/qQkiGO5wPs8no_BoK13tig) ** 可写/etc/passwd 替换,计划任务 centos可写/var/spool/cron/* ubuntu 写/etc/cron.d/* ** ++ 2023/02/02 [水平越权挖掘技巧与自动化越权漏洞检测](https://github.com/Firebasky/Java/tree/main/java%E6%97%A5%E5%B8%B8) From 8f2c86d4f92990975fbce31449874276bad6310c Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 3 Feb 2023 23:34:23 +0800 Subject: [PATCH 36/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 20d2377..cd55399 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -265,3 +265,4 @@ + 2023/02/01 [Nginx 通过 Lua + Redis 实现动态封禁 IP](https://mp.weixin.qq.com/s/jjwTz53ks61cN5O3l8jHdw) + 2023/02/01 [Redis常见利用方法](https://mp.weixin.qq.com/s/qQkiGO5wPs8no_BoK13tig) ** 可写/etc/passwd 替换,计划任务 centos可写/var/spool/cron/* ubuntu 写/etc/cron.d/* ** + 2023/02/02 [水平越权挖掘技巧与自动化越权漏洞检测](https://github.com/Firebasky/Java/tree/main/java%E6%97%A5%E5%B8%B8) ++ 2023/02/03 [ImageMagick:隐藏在网上图像背后的漏洞](https://mp.weixin.qq.com/s/zJkZbNmA1vDkpxP0SNVxHA) **np** From 01f655987e69a8c767deb43102ad63c3cca9e5bf Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 6 Feb 2023 18:20:00 +0800 Subject: [PATCH 37/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index cd55399..1274f69 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -266,3 +266,4 @@ + 2023/02/01 [Redis常见利用方法](https://mp.weixin.qq.com/s/qQkiGO5wPs8no_BoK13tig) ** 可写/etc/passwd 替换,计划任务 centos可写/var/spool/cron/* ubuntu 写/etc/cron.d/* ** + 2023/02/02 [水平越权挖掘技巧与自动化越权漏洞检测](https://github.com/Firebasky/Java/tree/main/java%E6%97%A5%E5%B8%B8) + 2023/02/03 [ImageMagick:隐藏在网上图像背后的漏洞](https://mp.weixin.qq.com/s/zJkZbNmA1vDkpxP0SNVxHA) **np** ++ 2023/02/06 [Numen安全研究员发现Apache Linkis漏洞CVE-2022-44645](https://mp.weixin.qq.com/s/rrC_CkSvEOsb8Xib21co0A) **黑名单可以bypass** From d66d38939f448a4f316f06cea4756d3455bdc018 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 8 Feb 2023 21:31:54 +0800 Subject: [PATCH 38/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 1274f69..bc75483 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -267,3 +267,4 @@ + 2023/02/02 [水平越权挖掘技巧与自动化越权漏洞检测](https://github.com/Firebasky/Java/tree/main/java%E6%97%A5%E5%B8%B8) + 2023/02/03 [ImageMagick:隐藏在网上图像背后的漏洞](https://mp.weixin.qq.com/s/zJkZbNmA1vDkpxP0SNVxHA) **np** + 2023/02/06 [Numen安全研究员发现Apache Linkis漏洞CVE-2022-44645](https://mp.weixin.qq.com/s/rrC_CkSvEOsb8Xib21co0A) **黑名单可以bypass** ++ 2023/02/08 [实战钓鱼之url魔改](https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247490656&idx=1&sn=0d98bc095f34ecfb53f0c0d5d835ba32&chksm=c187dc71f6f0556707214ade4ebd207f2a6aeba469f5641f15d96892c13a37a8856c67421f1c&mpshare=1&scene=23&srcid=0208XWF2fNX9S3weD9OrMXKT&sharer_sharetime=1675853346072&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **有点意思,可以用在钓鱼方面** From 62a7791c550314a2750df8d2f7e61dc7df9d4b61 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 10 Feb 2023 13:06:15 +0800 Subject: [PATCH 39/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index bc75483..15f4423 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -268,3 +268,4 @@ + 2023/02/03 [ImageMagick:隐藏在网上图像背后的漏洞](https://mp.weixin.qq.com/s/zJkZbNmA1vDkpxP0SNVxHA) **np** + 2023/02/06 [Numen安全研究员发现Apache Linkis漏洞CVE-2022-44645](https://mp.weixin.qq.com/s/rrC_CkSvEOsb8Xib21co0A) **黑名单可以bypass** + 2023/02/08 [实战钓鱼之url魔改](https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247490656&idx=1&sn=0d98bc095f34ecfb53f0c0d5d835ba32&chksm=c187dc71f6f0556707214ade4ebd207f2a6aeba469f5641f15d96892c13a37a8856c67421f1c&mpshare=1&scene=23&srcid=0208XWF2fNX9S3weD9OrMXKT&sharer_sharetime=1675853346072&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **有点意思,可以用在钓鱼方面** ++ 2023/02/10 [json 格式 bypass waf](https://lab.wallarm.com/waf-json-decoding-capability-required-to-protect-against-api-threats-like-cve-2020-13942-apache-unomi-rce/) **json 默认支持 unicode 编码** From fb4d535ca76fe7bf49c67b050c659a5b376ad454 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 10 Feb 2023 21:01:02 +0800 Subject: [PATCH 40/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 15f4423..ea9768f 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -269,3 +269,4 @@ + 2023/02/06 [Numen安全研究员发现Apache Linkis漏洞CVE-2022-44645](https://mp.weixin.qq.com/s/rrC_CkSvEOsb8Xib21co0A) **黑名单可以bypass** + 2023/02/08 [实战钓鱼之url魔改](https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247490656&idx=1&sn=0d98bc095f34ecfb53f0c0d5d835ba32&chksm=c187dc71f6f0556707214ade4ebd207f2a6aeba469f5641f15d96892c13a37a8856c67421f1c&mpshare=1&scene=23&srcid=0208XWF2fNX9S3weD9OrMXKT&sharer_sharetime=1675853346072&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **有点意思,可以用在钓鱼方面** + 2023/02/10 [json 格式 bypass waf](https://lab.wallarm.com/waf-json-decoding-capability-required-to-protect-against-api-threats-like-cve-2020-13942-apache-unomi-rce/) **json 默认支持 unicode 编码** ++ 2023/02/10 [红队攻防实践:unicode进行webshell免杀的思考](https://mp.weixin.qq.com/s?__biz=MzI4MzA0ODUwNw==&mid=2247484997&idx=1&sn=8694814291d80337928e59afd3034b4c&chksm=eb91e911dce6600735f1d4fae65fb01c682fe9bddc3e72a67d2ae993baac5ccc1f93c1924467&cur_album_id=1342350211271966722&scene=189#wechat_redirect) **里面的零宽连接符ZWJ有意思** [零宽字符妙用](https://1991421.cn/2021/03/08/3c5b1b78/) From 12a737174f71891b9358c0d1d9be4bd120cf2aeb Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sat, 11 Feb 2023 17:47:26 +0800 Subject: [PATCH 41/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index ea9768f..0133fcb 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -270,3 +270,4 @@ + 2023/02/08 [实战钓鱼之url魔改](https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247490656&idx=1&sn=0d98bc095f34ecfb53f0c0d5d835ba32&chksm=c187dc71f6f0556707214ade4ebd207f2a6aeba469f5641f15d96892c13a37a8856c67421f1c&mpshare=1&scene=23&srcid=0208XWF2fNX9S3weD9OrMXKT&sharer_sharetime=1675853346072&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **有点意思,可以用在钓鱼方面** + 2023/02/10 [json 格式 bypass waf](https://lab.wallarm.com/waf-json-decoding-capability-required-to-protect-against-api-threats-like-cve-2020-13942-apache-unomi-rce/) **json 默认支持 unicode 编码** + 2023/02/10 [红队攻防实践:unicode进行webshell免杀的思考](https://mp.weixin.qq.com/s?__biz=MzI4MzA0ODUwNw==&mid=2247484997&idx=1&sn=8694814291d80337928e59afd3034b4c&chksm=eb91e911dce6600735f1d4fae65fb01c682fe9bddc3e72a67d2ae993baac5ccc1f93c1924467&cur_album_id=1342350211271966722&scene=189#wechat_redirect) **里面的零宽连接符ZWJ有意思** [零宽字符妙用](https://1991421.cn/2021/03/08/3c5b1b78/) ++ 2023/02/11 [PWN2OWNING TWO HOSTS AT THE SAME TIME: ABUSING INDUCTIVE AUTOMATION IGNITION’S CUSTOM DESERIALIZATION](https://www.zerodayinitiative.com/blog/2023/2/6/pwn2owning-two-hosts-at-the-same-time-abusing-inductive-automation-ignitions-custom-deserialization) From 02f2c95f5bc469d6fccb1a0414cd3a41b9e547c1 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 14 Feb 2023 13:05:11 +0800 Subject: [PATCH 42/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 0133fcb..b3be6a3 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -271,3 +271,4 @@ + 2023/02/10 [json 格式 bypass waf](https://lab.wallarm.com/waf-json-decoding-capability-required-to-protect-against-api-threats-like-cve-2020-13942-apache-unomi-rce/) **json 默认支持 unicode 编码** + 2023/02/10 [红队攻防实践:unicode进行webshell免杀的思考](https://mp.weixin.qq.com/s?__biz=MzI4MzA0ODUwNw==&mid=2247484997&idx=1&sn=8694814291d80337928e59afd3034b4c&chksm=eb91e911dce6600735f1d4fae65fb01c682fe9bddc3e72a67d2ae993baac5ccc1f93c1924467&cur_album_id=1342350211271966722&scene=189#wechat_redirect) **里面的零宽连接符ZWJ有意思** [零宽字符妙用](https://1991421.cn/2021/03/08/3c5b1b78/) + 2023/02/11 [PWN2OWNING TWO HOSTS AT THE SAME TIME: ABUSING INDUCTIVE AUTOMATION IGNITION’S CUSTOM DESERIALIZATION](https://www.zerodayinitiative.com/blog/2023/2/6/pwn2owning-two-hosts-at-the-same-time-abusing-inductive-automation-ignitions-custom-deserialization) ++ 2023/02/14 [环境变量的利用](https://www.elttam.com/blog/env/#content) **np的** From ac094e42846e39b6174bb1bfc673d45d2f0d322d Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 14 Feb 2023 15:56:44 +0800 Subject: [PATCH 43/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index b3be6a3..70028f4 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -272,3 +272,4 @@ + 2023/02/10 [红队攻防实践:unicode进行webshell免杀的思考](https://mp.weixin.qq.com/s?__biz=MzI4MzA0ODUwNw==&mid=2247484997&idx=1&sn=8694814291d80337928e59afd3034b4c&chksm=eb91e911dce6600735f1d4fae65fb01c682fe9bddc3e72a67d2ae993baac5ccc1f93c1924467&cur_album_id=1342350211271966722&scene=189#wechat_redirect) **里面的零宽连接符ZWJ有意思** [零宽字符妙用](https://1991421.cn/2021/03/08/3c5b1b78/) + 2023/02/11 [PWN2OWNING TWO HOSTS AT THE SAME TIME: ABUSING INDUCTIVE AUTOMATION IGNITION’S CUSTOM DESERIALIZATION](https://www.zerodayinitiative.com/blog/2023/2/6/pwn2owning-two-hosts-at-the-same-time-abusing-inductive-automation-ignitions-custom-deserialization) + 2023/02/14 [环境变量的利用](https://www.elttam.com/blog/env/#content) **np的** ++ 2023/02/14 [GHSL-2021-1009: URL access filters bypass in Alpine - CVE-2022-23553](https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/) **很多这样的bypass权限的利用** From b503047ef4c3079a5a705a93c01eb2c8e5e4f15d Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 16 Feb 2023 00:11:53 +0800 Subject: [PATCH 44/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 70028f4..d955a35 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -273,3 +273,4 @@ + 2023/02/11 [PWN2OWNING TWO HOSTS AT THE SAME TIME: ABUSING INDUCTIVE AUTOMATION IGNITION’S CUSTOM DESERIALIZATION](https://www.zerodayinitiative.com/blog/2023/2/6/pwn2owning-two-hosts-at-the-same-time-abusing-inductive-automation-ignitions-custom-deserialization) + 2023/02/14 [环境变量的利用](https://www.elttam.com/blog/env/#content) **np的** + 2023/02/14 [GHSL-2021-1009: URL access filters bypass in Alpine - CVE-2022-23553](https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/) **很多这样的bypass权限的利用** ++ 2023/02/16 [XXE with Auto-Update in install4j](https://frycos.github.io/vulns4free/2023/02/12/install4j-xxe.html) **这个思路非常好,很多产品自动更新的时候去server端解析传递过来的xml格式就可能造成xxe。我们只需要evil server就可以完成攻击** From cc284e79c6d34b2f343a438c11c99854c2d0f43f Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sat, 18 Feb 2023 22:31:23 +0800 Subject: [PATCH 45/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index d955a35..4932f67 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -274,3 +274,4 @@ + 2023/02/14 [环境变量的利用](https://www.elttam.com/blog/env/#content) **np的** + 2023/02/14 [GHSL-2021-1009: URL access filters bypass in Alpine - CVE-2022-23553](https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/) **很多这样的bypass权限的利用** + 2023/02/16 [XXE with Auto-Update in install4j](https://frycos.github.io/vulns4free/2023/02/12/install4j-xxe.html) **这个思路非常好,很多产品自动更新的时候去server端解析传递过来的xml格式就可能造成xxe。我们只需要evil server就可以完成攻击** ++ 2023/02/18 [https://mp.weixin.qq.com/s/ff6LsT2j1OY1lv-_9gJN2A](顶级Javaer都在使用的类库,真香!) **可以记录一下** From 4e0ce4ecefb4d473bf9604f203e102eb9fc9c419 Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 19 Feb 2023 21:12:18 +0800 Subject: [PATCH 46/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 4932f67..ba1ceb2 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -275,3 +275,4 @@ + 2023/02/14 [GHSL-2021-1009: URL access filters bypass in Alpine - CVE-2022-23553](https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/) **很多这样的bypass权限的利用** + 2023/02/16 [XXE with Auto-Update in install4j](https://frycos.github.io/vulns4free/2023/02/12/install4j-xxe.html) **这个思路非常好,很多产品自动更新的时候去server端解析传递过来的xml格式就可能造成xxe。我们只需要evil server就可以完成攻击** + 2023/02/18 [https://mp.weixin.qq.com/s/ff6LsT2j1OY1lv-_9gJN2A](顶级Javaer都在使用的类库,真香!) **可以记录一下** ++ 2023/02/19 [Java代码审计项目--某在线教育开源系统](https://mp.weixin.qq.com/s/4sZWD792zxLIkIXPk01yhA) **这个流程是比较好的,看一些过滤器和监听器** From f3396a31db8d7b0fde4404991fd9a08f2f105937 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 19 Feb 2023 23:54:43 +0800 Subject: [PATCH 47/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index ba1ceb2..b5df6e9 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -276,3 +276,4 @@ + 2023/02/16 [XXE with Auto-Update in install4j](https://frycos.github.io/vulns4free/2023/02/12/install4j-xxe.html) **这个思路非常好,很多产品自动更新的时候去server端解析传递过来的xml格式就可能造成xxe。我们只需要evil server就可以完成攻击** + 2023/02/18 [https://mp.weixin.qq.com/s/ff6LsT2j1OY1lv-_9gJN2A](顶级Javaer都在使用的类库,真香!) **可以记录一下** + 2023/02/19 [Java代码审计项目--某在线教育开源系统](https://mp.weixin.qq.com/s/4sZWD792zxLIkIXPk01yhA) **这个流程是比较好的,看一些过滤器和监听器** ++ 2023/02/19 [关于使用OCR文字识别方式进行免杀](https://xz.aliyun.com/t/12114) **好思路啊** From e13aa0d4fe761514ead4608b66d4afd3a03a6ea4 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 20 Feb 2023 13:48:16 +0800 Subject: [PATCH 48/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index b5df6e9..51cc13e 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -277,3 +277,4 @@ + 2023/02/18 [https://mp.weixin.qq.com/s/ff6LsT2j1OY1lv-_9gJN2A](顶级Javaer都在使用的类库,真香!) **可以记录一下** + 2023/02/19 [Java代码审计项目--某在线教育开源系统](https://mp.weixin.qq.com/s/4sZWD792zxLIkIXPk01yhA) **这个流程是比较好的,看一些过滤器和监听器** + 2023/02/19 [关于使用OCR文字识别方式进行免杀](https://xz.aliyun.com/t/12114) **好思路啊** ++ 2023/02/20 [redis安全学习小记](https://mp.weixin.qq.com/s/W9joCtUQfNA62ZWXwqMmsw) **redis安全学习** From 71c867e35aee0a2fc12925d5e0586b1e0d74e3df Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 20 Feb 2023 14:03:49 +0800 Subject: [PATCH 49/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 51cc13e..e99a5ff 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -278,3 +278,4 @@ + 2023/02/19 [Java代码审计项目--某在线教育开源系统](https://mp.weixin.qq.com/s/4sZWD792zxLIkIXPk01yhA) **这个流程是比较好的,看一些过滤器和监听器** + 2023/02/19 [关于使用OCR文字识别方式进行免杀](https://xz.aliyun.com/t/12114) **好思路啊** + 2023/02/20 [redis安全学习小记](https://mp.weixin.qq.com/s/W9joCtUQfNA62ZWXwqMmsw) **redis安全学习** ++ 2023/02/20 [一次“SSRF-->RCE”的艰难利用](https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247483865&idx=1&sn=41e56040229e383a82a671fc359ee82b&chksm=f9ee6d66ce99e470d102becfcf63955f2aae1d88bc43ef8e7939bc93d786ff2f994eac969d32&scene=21&sessionid=1586255695&key=c00e1a5b49adb240be940797e7d3cb821bae9b89771be268faa858b2888bbba3e96562ccac53df81389cb41e548a9e6412d4f83b6b7b541825630aa6ace9d1d040a3b7cd677b5ca137cc9b1d2297948e&ascene=1&uin=MzE0MDM4MzExMw==&devicetype=Windows%2010&version=62080079&lang=zh_CN&exportkey=A6a52QI1M4H5IGXp8ekqTtY=&pass_ticket=awXcPg/ApqlfbrG8njT11ZZYAGjwbhrnExtbvARh//rtbsupQLnZBKBPE6SCXvhn#wechat_redirect) **学习** From d29418b5c34566a622647549ba52971f1ad1bad6 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 20 Feb 2023 23:16:45 +0800 Subject: [PATCH 50/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index e99a5ff..190a594 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -279,3 +279,4 @@ + 2023/02/19 [关于使用OCR文字识别方式进行免杀](https://xz.aliyun.com/t/12114) **好思路啊** + 2023/02/20 [redis安全学习小记](https://mp.weixin.qq.com/s/W9joCtUQfNA62ZWXwqMmsw) **redis安全学习** + 2023/02/20 [一次“SSRF-->RCE”的艰难利用](https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247483865&idx=1&sn=41e56040229e383a82a671fc359ee82b&chksm=f9ee6d66ce99e470d102becfcf63955f2aae1d88bc43ef8e7939bc93d786ff2f994eac969d32&scene=21&sessionid=1586255695&key=c00e1a5b49adb240be940797e7d3cb821bae9b89771be268faa858b2888bbba3e96562ccac53df81389cb41e548a9e6412d4f83b6b7b541825630aa6ace9d1d040a3b7cd677b5ca137cc9b1d2297948e&ascene=1&uin=MzE0MDM4MzExMw==&devicetype=Windows%2010&version=62080079&lang=zh_CN&exportkey=A6a52QI1M4H5IGXp8ekqTtY=&pass_ticket=awXcPg/ApqlfbrG8njT11ZZYAGjwbhrnExtbvARh//rtbsupQLnZBKBPE6SCXvhn#wechat_redirect) **学习** ++ 2023/02/20 [五一快乐-微某OA从0day流量分析到武器化利用](https://mp.weixin.qq.com/s/iTP9jBypsJEsSlAIaNOnhw) From 1f02625eb06ca1416d472985025e19a948f56ea9 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 23 Feb 2023 14:26:43 +0800 Subject: [PATCH 51/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 190a594..d0965a9 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -280,3 +280,4 @@ + 2023/02/20 [redis安全学习小记](https://mp.weixin.qq.com/s/W9joCtUQfNA62ZWXwqMmsw) **redis安全学习** + 2023/02/20 [一次“SSRF-->RCE”的艰难利用](https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247483865&idx=1&sn=41e56040229e383a82a671fc359ee82b&chksm=f9ee6d66ce99e470d102becfcf63955f2aae1d88bc43ef8e7939bc93d786ff2f994eac969d32&scene=21&sessionid=1586255695&key=c00e1a5b49adb240be940797e7d3cb821bae9b89771be268faa858b2888bbba3e96562ccac53df81389cb41e548a9e6412d4f83b6b7b541825630aa6ace9d1d040a3b7cd677b5ca137cc9b1d2297948e&ascene=1&uin=MzE0MDM4MzExMw==&devicetype=Windows%2010&version=62080079&lang=zh_CN&exportkey=A6a52QI1M4H5IGXp8ekqTtY=&pass_ticket=awXcPg/ApqlfbrG8njT11ZZYAGjwbhrnExtbvARh//rtbsupQLnZBKBPE6SCXvhn#wechat_redirect) **学习** + 2023/02/20 [五一快乐-微某OA从0day流量分析到武器化利用](https://mp.weixin.qq.com/s/iTP9jBypsJEsSlAIaNOnhw) ++ 2023/02/23 [实战 | 记一次针对非法网站的SSRF渗透](https://mp.weixin.qq.com/s/yfWAu6ebXA14GfOTP86XsA) From 68e880256f1f0caa55e67c1c47f9cc1bd274001f Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 24 Feb 2023 18:24:28 +0800 Subject: [PATCH 52/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index d0965a9..ecda1e9 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -281,3 +281,4 @@ + 2023/02/20 [一次“SSRF-->RCE”的艰难利用](https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247483865&idx=1&sn=41e56040229e383a82a671fc359ee82b&chksm=f9ee6d66ce99e470d102becfcf63955f2aae1d88bc43ef8e7939bc93d786ff2f994eac969d32&scene=21&sessionid=1586255695&key=c00e1a5b49adb240be940797e7d3cb821bae9b89771be268faa858b2888bbba3e96562ccac53df81389cb41e548a9e6412d4f83b6b7b541825630aa6ace9d1d040a3b7cd677b5ca137cc9b1d2297948e&ascene=1&uin=MzE0MDM4MzExMw==&devicetype=Windows%2010&version=62080079&lang=zh_CN&exportkey=A6a52QI1M4H5IGXp8ekqTtY=&pass_ticket=awXcPg/ApqlfbrG8njT11ZZYAGjwbhrnExtbvARh//rtbsupQLnZBKBPE6SCXvhn#wechat_redirect) **学习** + 2023/02/20 [五一快乐-微某OA从0day流量分析到武器化利用](https://mp.weixin.qq.com/s/iTP9jBypsJEsSlAIaNOnhw) + 2023/02/23 [实战 | 记一次针对非法网站的SSRF渗透](https://mp.weixin.qq.com/s/yfWAu6ebXA14GfOTP86XsA) ++ 2023/02/24 [【剖析 | SOFARPC 框架】之 SOFARPC 序列化比较](https://www.sofastack.tech/blog/sofa-rpc-serialization-comparison/) From d3faec268f216b3d67813d249a772e8f2d059165 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 2 Mar 2023 22:11:15 +0800 Subject: [PATCH 53/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index ecda1e9..d007b10 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -282,3 +282,4 @@ + 2023/02/20 [五一快乐-微某OA从0day流量分析到武器化利用](https://mp.weixin.qq.com/s/iTP9jBypsJEsSlAIaNOnhw) + 2023/02/23 [实战 | 记一次针对非法网站的SSRF渗透](https://mp.weixin.qq.com/s/yfWAu6ebXA14GfOTP86XsA) + 2023/02/24 [【剖析 | SOFARPC 框架】之 SOFARPC 序列化比较](https://www.sofastack.tech/blog/sofa-rpc-serialization-comparison/) ++ 2023/03/02 [绕过Struts2 waf写入冰蝎马](https://mp.weixin.qq.com/s?__biz=MzkzNzE4MTk4Nw==&mid=2247485835&idx=1&sn=d09939cc178f8e7aaa085bbbef622557&chksm=c2921fc7f5e596d1312a37b816345a78d4343d509432725a0a558745304c579b9044ef870267&mpshare=1&scene=23&srcid=02286Y2A5JswXVZdDgoD4BXN&sharer_sharetime=1677591306084&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) From 8f5b383daf528198c5a5a3af50847a27ac338569 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 2 Mar 2023 22:26:27 +0800 Subject: [PATCH 54/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index d007b10..34b177d 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -283,3 +283,4 @@ + 2023/02/23 [实战 | 记一次针对非法网站的SSRF渗透](https://mp.weixin.qq.com/s/yfWAu6ebXA14GfOTP86XsA) + 2023/02/24 [【剖析 | SOFARPC 框架】之 SOFARPC 序列化比较](https://www.sofastack.tech/blog/sofa-rpc-serialization-comparison/) + 2023/03/02 [绕过Struts2 waf写入冰蝎马](https://mp.weixin.qq.com/s?__biz=MzkzNzE4MTk4Nw==&mid=2247485835&idx=1&sn=d09939cc178f8e7aaa085bbbef622557&chksm=c2921fc7f5e596d1312a37b816345a78d4343d509432725a0a558745304c579b9044ef870267&mpshare=1&scene=23&srcid=02286Y2A5JswXVZdDgoD4BXN&sharer_sharetime=1677591306084&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) ++ 2023/03/02 [加密SOCKS5信道中防DNS泄露](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247486522&idx=1&sn=b438259298ecc59b9798dc689143d537&chksm=fab2cf05cdc546135f1347b2138b7d9d5332e30be4f6e059228f15f690a909aff83abf1d03ac&mpshare=1&scene=23&srcid=0228Kxs8UTPwmU6zhqNTsXVQ&sharer_sharetime=1677551815058&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) From a647c3832d3d6ee4f99d95cab58579f36286c394 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 2 Mar 2023 23:35:08 +0800 Subject: [PATCH 55/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 34b177d..343a0e9 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -284,3 +284,4 @@ + 2023/02/24 [【剖析 | SOFARPC 框架】之 SOFARPC 序列化比较](https://www.sofastack.tech/blog/sofa-rpc-serialization-comparison/) + 2023/03/02 [绕过Struts2 waf写入冰蝎马](https://mp.weixin.qq.com/s?__biz=MzkzNzE4MTk4Nw==&mid=2247485835&idx=1&sn=d09939cc178f8e7aaa085bbbef622557&chksm=c2921fc7f5e596d1312a37b816345a78d4343d509432725a0a558745304c579b9044ef870267&mpshare=1&scene=23&srcid=02286Y2A5JswXVZdDgoD4BXN&sharer_sharetime=1677591306084&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/03/02 [加密SOCKS5信道中防DNS泄露](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247486522&idx=1&sn=b438259298ecc59b9798dc689143d537&chksm=fab2cf05cdc546135f1347b2138b7d9d5332e30be4f6e059228f15f690a909aff83abf1d03ac&mpshare=1&scene=23&srcid=0228Kxs8UTPwmU6zhqNTsXVQ&sharer_sharetime=1677551815058&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) ++ 2023/03/02 [【渗透测试实战】--waf绕过--打狗棒法](https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247527297&idx=1&sn=d7f1896b68a2253dcecf2780fb49b8ba&chksm=ce64c118f913480e4edd66dff46f1a9181b5c61dd1b3324db41b95338804a7124868c5740fff&mpshare=1&scene=23&srcid=03026OJPm0666pbtYyYnpZVR&sharer_sharetime=1677756888794&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **1.Content-Type中的boundary边界混淆绕过 ** From bb2868e6ac6d1d7dd3db990593907d155c71aa67 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 5 Mar 2023 19:08:05 +0800 Subject: [PATCH 56/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 343a0e9..93ff134 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -285,3 +285,4 @@ + 2023/03/02 [绕过Struts2 waf写入冰蝎马](https://mp.weixin.qq.com/s?__biz=MzkzNzE4MTk4Nw==&mid=2247485835&idx=1&sn=d09939cc178f8e7aaa085bbbef622557&chksm=c2921fc7f5e596d1312a37b816345a78d4343d509432725a0a558745304c579b9044ef870267&mpshare=1&scene=23&srcid=02286Y2A5JswXVZdDgoD4BXN&sharer_sharetime=1677591306084&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/03/02 [加密SOCKS5信道中防DNS泄露](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247486522&idx=1&sn=b438259298ecc59b9798dc689143d537&chksm=fab2cf05cdc546135f1347b2138b7d9d5332e30be4f6e059228f15f690a909aff83abf1d03ac&mpshare=1&scene=23&srcid=0228Kxs8UTPwmU6zhqNTsXVQ&sharer_sharetime=1677551815058&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/03/02 [【渗透测试实战】--waf绕过--打狗棒法](https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247527297&idx=1&sn=d7f1896b68a2253dcecf2780fb49b8ba&chksm=ce64c118f913480e4edd66dff46f1a9181b5c61dd1b3324db41b95338804a7124868c5740fff&mpshare=1&scene=23&srcid=03026OJPm0666pbtYyYnpZVR&sharer_sharetime=1677756888794&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **1.Content-Type中的boundary边界混淆绕过 ** ++ 2023/03/05 [代码执行之篡改 deb 包控制文件](https://xz.aliyun.com/t/12250) **在考虑msi 安装程序能不能利用?** From 1edd6659cf14d966231c3df6fec6cb88ad485dd9 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 5 Mar 2023 19:17:10 +0800 Subject: [PATCH 57/97] Update Readme.md --- shell/SPEL/Readme.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/shell/SPEL/Readme.md b/shell/SPEL/Readme.md index 82b8808..e989f3e 100644 --- a/shell/SPEL/Readme.md +++ b/shell/SPEL/Readme.md 
@@ -113,6 +113,8 @@ print(')}') 其他bypass: https://xz.aliyun.com/t/9245 +https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/ + ## springboot回显 ``` Java.type("org.springframework.web.context.request.RequestContextHolder").currentRequestAttributes().getResponse().addHeader("test",new java.lang.String(Java.type("sun.misc.IOUtils").readFully(new java.io.FileInputStream("/flag"),1024,false))); From ee15da5ce535972548f4b2621fd8046414925caa Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 5 Mar 2023 19:18:28 +0800 Subject: [PATCH 58/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 93ff134..af19bb5 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -285,4 +285,4 @@ + 2023/03/02 [绕过Struts2 waf写入冰蝎马](https://mp.weixin.qq.com/s?__biz=MzkzNzE4MTk4Nw==&mid=2247485835&idx=1&sn=d09939cc178f8e7aaa085bbbef622557&chksm=c2921fc7f5e596d1312a37b816345a78d4343d509432725a0a558745304c579b9044ef870267&mpshare=1&scene=23&srcid=02286Y2A5JswXVZdDgoD4BXN&sharer_sharetime=1677591306084&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/03/02 [加密SOCKS5信道中防DNS泄露](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247486522&idx=1&sn=b438259298ecc59b9798dc689143d537&chksm=fab2cf05cdc546135f1347b2138b7d9d5332e30be4f6e059228f15f690a909aff83abf1d03ac&mpshare=1&scene=23&srcid=0228Kxs8UTPwmU6zhqNTsXVQ&sharer_sharetime=1677551815058&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/03/02 [【渗透测试实战】--waf绕过--打狗棒法](https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247527297&idx=1&sn=d7f1896b68a2253dcecf2780fb49b8ba&chksm=ce64c118f913480e4edd66dff46f1a9181b5c61dd1b3324db41b95338804a7124868c5740fff&mpshare=1&scene=23&srcid=03026OJPm0666pbtYyYnpZVR&sharer_sharetime=1677756888794&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **1.Content-Type中的boundary边界混淆绕过 ** -+ 2023/03/05 [代码执行之篡改 deb 包控制文件](https://xz.aliyun.com/t/12250) **在考虑msi 安装程序能不能利用?** ++ 2023/03/05 [代码执行之篡改 deb 包控制文件](https://xz.aliyun.com/t/12250) **在考虑msi 安装程序能不能利用?** [Threat Analysis: MSI - Masquerading as a Software Installer](https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer) From f27ab7aa58e9fe5a51fa6a996a7dc7489179428e Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 7 Mar 2023 13:41:19 +0800 Subject: [PATCH 59/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index af19bb5..e25be21 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -286,3 +286,4 @@ + 2023/03/02 [加密SOCKS5信道中防DNS泄露](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247486522&idx=1&sn=b438259298ecc59b9798dc689143d537&chksm=fab2cf05cdc546135f1347b2138b7d9d5332e30be4f6e059228f15f690a909aff83abf1d03ac&mpshare=1&scene=23&srcid=0228Kxs8UTPwmU6zhqNTsXVQ&sharer_sharetime=1677551815058&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/03/02 [【渗透测试实战】--waf绕过--打狗棒法](https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247527297&idx=1&sn=d7f1896b68a2253dcecf2780fb49b8ba&chksm=ce64c118f913480e4edd66dff46f1a9181b5c61dd1b3324db41b95338804a7124868c5740fff&mpshare=1&scene=23&srcid=03026OJPm0666pbtYyYnpZVR&sharer_sharetime=1677756888794&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **1.Content-Type中的boundary边界混淆绕过 ** + 2023/03/05 [代码执行之篡改 deb 包控制文件](https://xz.aliyun.com/t/12250) **在考虑msi 安装程序能不能利用?** [Threat Analysis: MSI - Masquerading as a Software Installer](https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer) ++ 2023/03/07 [为什么 Nginx 比 Apache 更牛叉?](https://mp.weixin.qq.com/s/nz0OZsa0rEyF5L40rD5zYg) From 7c826d0ce4ef148e0ff87af5e6a2557df40e46fe Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 8 Mar 2023 17:06:56 +0800 Subject: [PATCH 60/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index e25be21..43b12c0 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -287,3 +287,4 @@ + 2023/03/02 [【渗透测试实战】--waf绕过--打狗棒法](https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247527297&idx=1&sn=d7f1896b68a2253dcecf2780fb49b8ba&chksm=ce64c118f913480e4edd66dff46f1a9181b5c61dd1b3324db41b95338804a7124868c5740fff&mpshare=1&scene=23&srcid=03026OJPm0666pbtYyYnpZVR&sharer_sharetime=1677756888794&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **1.Content-Type中的boundary边界混淆绕过 ** + 2023/03/05 [代码执行之篡改 deb 包控制文件](https://xz.aliyun.com/t/12250) **在考虑msi 安装程序能不能利用?** [Threat Analysis: MSI - Masquerading as a Software Installer](https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer) + 2023/03/07 [为什么 Nginx 比 Apache 更牛叉?](https://mp.weixin.qq.com/s/nz0OZsa0rEyF5L40rD5zYg) ++ 2023/03/08 [A New Vector For “Dirty” Arbitrary File Write to RCE](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html) [uwsgi生产环境](https://www.cnblogs.com/chunlin99x/p/16291085.html) uwsgi环境写文件rce From f522f8d08343b78113d6eba260a4cdd8285b148d Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sat, 11 Mar 2023 15:27:52 +0800 Subject: [PATCH 61/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 43b12c0..cc935fb 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -288,3 +288,4 @@ + 2023/03/05 [代码执行之篡改 deb 包控制文件](https://xz.aliyun.com/t/12250) **在考虑msi 安装程序能不能利用?** [Threat Analysis: MSI - Masquerading as a Software Installer](https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer) + 2023/03/07 [为什么 Nginx 比 Apache 更牛叉?](https://mp.weixin.qq.com/s/nz0OZsa0rEyF5L40rD5zYg) + 2023/03/08 [A New Vector For “Dirty” Arbitrary File Write to RCE](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html) [uwsgi生产环境](https://www.cnblogs.com/chunlin99x/p/16291085.html) uwsgi环境写文件rce ++ 2023/03/11 [CVE-2022-36413 Unauthorized Reset Password of Zoho ManageEngine ADSelfService Plus](https://blog.noah.360.net/cve-2022-36413-unauthorized-reset-password-of-zoho-manageengine-adselfservice-plus/) From 6a53275e3d9f210d69ba80eec2d8f41856d79dee Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sat, 11 Mar 2023 21:26:49 +0800 Subject: [PATCH 62/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index cc935fb..9c448bc 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -289,3 +289,4 @@ + 2023/03/07 [为什么 Nginx 比 Apache 更牛叉?](https://mp.weixin.qq.com/s/nz0OZsa0rEyF5L40rD5zYg) + 2023/03/08 [A New Vector For “Dirty” Arbitrary File Write to RCE](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html) [uwsgi生产环境](https://www.cnblogs.com/chunlin99x/p/16291085.html) uwsgi环境写文件rce + 2023/03/11 [CVE-2022-36413 Unauthorized Reset Password of Zoho ManageEngine ADSelfService Plus](https://blog.noah.360.net/cve-2022-36413-unauthorized-reset-password-of-zoho-manageengine-adselfservice-plus/) ++ 2023/03/11 [第53篇:某OA系统的H2数据库延时注入点不出网拿shell方法](https://mp.weixin.qq.com/s/Lu4V_J6cresqmVnfQmg05g) **思路不错** 
From a27e7a5591ab749e9162871f86836366aae41ede Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sat, 11 Mar 2023 23:55:29 +0800 Subject: [PATCH 63/97] Update Readme.md --- Jetty/Readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jetty/Readme.md b/Jetty/Readme.md index c036d30..5d7c237 100644 --- a/Jetty/Readme.md +++ b/Jetty/Readme.md @@ -2,4 +2,4 @@ 好文章: -https://swarm.ptsecurity.com/tag/web-application-security/ +https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps/ From 76f698fba4673f0994ce12893e07ecd9d32565c1 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 12 Mar 2023 18:50:02 +0800 Subject: [PATCH 64/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 9c448bc..9e15d67 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -290,3 +290,4 @@ + 2023/03/08 [A New Vector For “Dirty” Arbitrary File Write to RCE](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html) [uwsgi生产环境](https://www.cnblogs.com/chunlin99x/p/16291085.html) uwsgi环境写文件rce + 2023/03/11 [CVE-2022-36413 Unauthorized Reset Password of Zoho ManageEngine ADSelfService Plus](https://blog.noah.360.net/cve-2022-36413-unauthorized-reset-password-of-zoho-manageengine-adselfservice-plus/) + 2023/03/11 [第53篇:某OA系统的H2数据库延时注入点不出网拿shell方法](https://mp.weixin.qq.com/s/Lu4V_J6cresqmVnfQmg05g) **思路不错** ++ 2023/03/12 [chatgpt能分析0day漏洞么?](https://mp.weixin.qq.com/s?__biz=MzI1MDA1MjcxMw==&mid=2649907994&idx=1&sn=8984318d81b046ab202650f52557a12b&chksm=f18eea1cc6f9630aca2d2e6d88a767ffc5bd2f44e4367e1b0c68669b11097388b3c5f1e044a0&mpshare=1&scene=23&srcid=0312uHzVdJj4KvnBdTHy0TKM&sharer_sharetime=1678611522010&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **ai np** From 02d456e5f11c485967dd31b5301e12d19a26766d Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 12 Mar 2023 19:09:17 +0800 Subject: [PATCH 65/97] Update Readme.md --- Jetty/Readme.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Jetty/Readme.md b/Jetty/Readme.md index 5d7c237..5405b5c 100644 --- a/Jetty/Readme.md +++ b/Jetty/Readme.md @@ -3,3 +3,5 @@ 好文章: https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps/ + +https://xz.aliyun.com/t/10039 From 3f9c672c1d196f3f2f511be00585af28fc660134 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 12 Mar 2023 22:59:08 +0800 Subject: [PATCH 66/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 9e15d67..65c6fc7 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -291,3 +291,4 @@ + 2023/03/11 [CVE-2022-36413 Unauthorized Reset Password of Zoho ManageEngine ADSelfService Plus](https://blog.noah.360.net/cve-2022-36413-unauthorized-reset-password-of-zoho-manageengine-adselfservice-plus/) + 2023/03/11 [第53篇:某OA系统的H2数据库延时注入点不出网拿shell方法](https://mp.weixin.qq.com/s/Lu4V_J6cresqmVnfQmg05g) **思路不错** + 2023/03/12 [chatgpt能分析0day漏洞么?](https://mp.weixin.qq.com/s?__biz=MzI1MDA1MjcxMw==&mid=2649907994&idx=1&sn=8984318d81b046ab202650f52557a12b&chksm=f18eea1cc6f9630aca2d2e6d88a767ffc5bd2f44e4367e1b0c68669b11097388b3c5f1e044a0&mpshare=1&scene=23&srcid=0312uHzVdJj4KvnBdTHy0TKM&sharer_sharetime=1678611522010&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **ai np** ++ 2023/03/12 [钓鱼邮件中绕过内容检测的一种方式](https://mp.weixin.qq.com/s/oDFCn5K4rXXg-_ALv0-qYw) **bypass 好多内容敏感检测** From 8ea03eebe5c5fe80c327f099b15fa780f054640a Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 13 Mar 2023 18:12:18 +0800 Subject: [PATCH 67/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 65c6fc7..e11e728 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -292,3 +292,4 @@ + 2023/03/11 [第53篇:某OA系统的H2数据库延时注入点不出网拿shell方法](https://mp.weixin.qq.com/s/Lu4V_J6cresqmVnfQmg05g) **思路不错** + 2023/03/12 [chatgpt能分析0day漏洞么?](https://mp.weixin.qq.com/s?__biz=MzI1MDA1MjcxMw==&mid=2649907994&idx=1&sn=8984318d81b046ab202650f52557a12b&chksm=f18eea1cc6f9630aca2d2e6d88a767ffc5bd2f44e4367e1b0c68669b11097388b3c5f1e044a0&mpshare=1&scene=23&srcid=0312uHzVdJj4KvnBdTHy0TKM&sharer_sharetime=1678611522010&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **ai np** + 2023/03/12 [钓鱼邮件中绕过内容检测的一种方式](https://mp.weixin.qq.com/s/oDFCn5K4rXXg-_ALv0-qYw) **bypass 好多内容敏感检测** ++ 2023/03/13 [攻击技术研判 | 使用蜂鸣器对抗沙箱检测技术](https://mp.weixin.qq.com/s/DrUWV4baPIA3WtCVjFp3gw) **就是利用其api实现sleep的效果,对抗沙箱** From fe7f2867c318b254903e4b6be87a08b85339c787 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 14 Mar 2023 10:33:17 +0800 Subject: [PATCH 68/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index e11e728..46272cd 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -293,3 +293,4 @@ + 2023/03/12 [chatgpt能分析0day漏洞么?](https://mp.weixin.qq.com/s?__biz=MzI1MDA1MjcxMw==&mid=2649907994&idx=1&sn=8984318d81b046ab202650f52557a12b&chksm=f18eea1cc6f9630aca2d2e6d88a767ffc5bd2f44e4367e1b0c68669b11097388b3c5f1e044a0&mpshare=1&scene=23&srcid=0312uHzVdJj4KvnBdTHy0TKM&sharer_sharetime=1678611522010&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **ai np** + 2023/03/12 [钓鱼邮件中绕过内容检测的一种方式](https://mp.weixin.qq.com/s/oDFCn5K4rXXg-_ALv0-qYw) **bypass 好多内容敏感检测** + 2023/03/13 [攻击技术研判 | 使用蜂鸣器对抗沙箱检测技术](https://mp.weixin.qq.com/s/DrUWV4baPIA3WtCVjFp3gw) **就是利用其api实现sleep的效果,对抗沙箱** ++ 2023/03/14 [从挑战赛看阿里云RASP防御优势与云上最佳实践](https://mp.weixin.qq.com/s?__biz=MzA4MTQ2MjI5OA==&mid=2664088876&idx=1&sn=cc29a7dc475e08300390eae40902808d&chksm=84aaf059b3dd794fe63c1f8af5cdafbca404bdd2e956a658f0807ba5e74d98cfc9369573e64c&mpshare=1&scene=23&srcid=0313b3xCwrxOPs14Cc4DeDtz&sharer_sharetime=1678702681315&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) From 26ee70fed9e9fbe051a6a85cbe68e70864e4be8f Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 15 Mar 2023 14:43:24 +0800 Subject: [PATCH 69/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 46272cd..1e58f49 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -294,3 +294,4 @@ + 2023/03/12 [钓鱼邮件中绕过内容检测的一种方式](https://mp.weixin.qq.com/s/oDFCn5K4rXXg-_ALv0-qYw) **bypass 好多内容敏感检测** + 2023/03/13 [攻击技术研判 | 使用蜂鸣器对抗沙箱检测技术](https://mp.weixin.qq.com/s/DrUWV4baPIA3WtCVjFp3gw) **就是利用其api实现sleep的效果,对抗沙箱** + 2023/03/14 [从挑战赛看阿里云RASP防御优势与云上最佳实践](https://mp.weixin.qq.com/s?__biz=MzA4MTQ2MjI5OA==&mid=2664088876&idx=1&sn=cc29a7dc475e08300390eae40902808d&chksm=84aaf059b3dd794fe63c1f8af5cdafbca404bdd2e956a658f0807ba5e74d98cfc9369573e64c&mpshare=1&scene=23&srcid=0313b3xCwrxOPs14Cc4DeDtz&sharer_sharetime=1678702681315&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) ++ 2023/03/15 [永恒之蓝Windows10版踩坑复现](https://mp.weixin.qq.com/s/H8cOsXmH0EzDPEBsPgvMrg) From ab0ce4738def82270edfe486823fa1b7c32e18f5 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 17 Mar 2023 12:11:19 +0800 Subject: [PATCH 70/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 1e58f49..b0f69b6 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -295,3 +295,4 @@ + 2023/03/13 [攻击技术研判 | 使用蜂鸣器对抗沙箱检测技术](https://mp.weixin.qq.com/s/DrUWV4baPIA3WtCVjFp3gw) **就是利用其api实现sleep的效果,对抗沙箱** + 2023/03/14 [从挑战赛看阿里云RASP防御优势与云上最佳实践](https://mp.weixin.qq.com/s?__biz=MzA4MTQ2MjI5OA==&mid=2664088876&idx=1&sn=cc29a7dc475e08300390eae40902808d&chksm=84aaf059b3dd794fe63c1f8af5cdafbca404bdd2e956a658f0807ba5e74d98cfc9369573e64c&mpshare=1&scene=23&srcid=0313b3xCwrxOPs14Cc4DeDtz&sharer_sharetime=1678702681315&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/03/15 [永恒之蓝Windows10版踩坑复现](https://mp.weixin.qq.com/s/H8cOsXmH0EzDPEBsPgvMrg) ++ 2023/03/17 [老洞新绕](https://mp.weixin.qq.com/s/V1MWq8NBkSDjTBY4AiW6Pw) **tomcat 路径特性和Axis特性** From 48d65e312141dca3421ec78d72f5d2fb56964f3d Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 17 Mar 2023 12:15:35 +0800 Subject: [PATCH 71/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index b0f69b6..1c76aa4 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -296,3 +296,4 @@ + 2023/03/14 [从挑战赛看阿里云RASP防御优势与云上最佳实践](https://mp.weixin.qq.com/s?__biz=MzA4MTQ2MjI5OA==&mid=2664088876&idx=1&sn=cc29a7dc475e08300390eae40902808d&chksm=84aaf059b3dd794fe63c1f8af5cdafbca404bdd2e956a658f0807ba5e74d98cfc9369573e64c&mpshare=1&scene=23&srcid=0313b3xCwrxOPs14Cc4DeDtz&sharer_sharetime=1678702681315&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/03/15 [永恒之蓝Windows10版踩坑复现](https://mp.weixin.qq.com/s/H8cOsXmH0EzDPEBsPgvMrg) + 2023/03/17 [老洞新绕](https://mp.weixin.qq.com/s/V1MWq8NBkSDjTBY4AiW6Pw) **tomcat 路径特性和Axis特性** ++ 2023/03/17 [Spring Boot 如果防护 XSS + SQL 注入攻击 ?一文带你搞定!](https://mp.weixin.qq.com/s/QTUr9ZiXMWqFu1-yhMICjghttps://mp.weixin.qq.com/s/QTUr9ZiXMWqFu1-yhMICjg) From c5e3fd5a005c6f7030be432f06c93deca0810798 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 19 Mar 2023 21:11:47 +0800 Subject: [PATCH 72/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 1c76aa4..898ef28 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -297,3 +297,4 @@ + 2023/03/15 [永恒之蓝Windows10版踩坑复现](https://mp.weixin.qq.com/s/H8cOsXmH0EzDPEBsPgvMrg) + 2023/03/17 [老洞新绕](https://mp.weixin.qq.com/s/V1MWq8NBkSDjTBY4AiW6Pw) **tomcat 路径特性和Axis特性** + 2023/03/17 [Spring Boot 如果防护 XSS + SQL 注入攻击 ?一文带你搞定!](https://mp.weixin.qq.com/s/QTUr9ZiXMWqFu1-yhMICjghttps://mp.weixin.qq.com/s/QTUr9ZiXMWqFu1-yhMICjg) ++ 2023/03/19 [Django下防御Race Condition漏洞](https://mp.weixin.qq.com/s/9f5Hxoyw5ne8IcYx4uwwvQ) From 0d43bc7ef57d10776b06583692dbba4093953358 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Thu, 23 Mar 2023 21:11:49 +0800 Subject: [PATCH 73/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 898ef28..ee3471a 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -298,3 +298,4 @@ + 2023/03/17 [老洞新绕](https://mp.weixin.qq.com/s/V1MWq8NBkSDjTBY4AiW6Pw) **tomcat 路径特性和Axis特性** + 2023/03/17 [Spring Boot 如果防护 XSS + SQL 注入攻击 ?一文带你搞定!](https://mp.weixin.qq.com/s/QTUr9ZiXMWqFu1-yhMICjghttps://mp.weixin.qq.com/s/QTUr9ZiXMWqFu1-yhMICjg) + 2023/03/19 [Django下防御Race Condition漏洞](https://mp.weixin.qq.com/s/9f5Hxoyw5ne8IcYx4uwwvQ) ++ 2023/03/23 [redis未授权到shiro反序列化](https://xz.aliyun.com/t/11198) 在shiro中不错,可以尝试找其他触发点,基本上在数据库的操作上 From c291cec664f149a2fb45451db3d479f000046eb5 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 24 Mar 2023 12:45:48 +0800 Subject: [PATCH 74/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index ee3471a..7781424 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -299,3 +299,4 @@ + 2023/03/17 [Spring Boot 如果防护 XSS + SQL 注入攻击 ?一文带你搞定!](https://mp.weixin.qq.com/s/QTUr9ZiXMWqFu1-yhMICjghttps://mp.weixin.qq.com/s/QTUr9ZiXMWqFu1-yhMICjg) + 2023/03/19 [Django下防御Race Condition漏洞](https://mp.weixin.qq.com/s/9f5Hxoyw5ne8IcYx4uwwvQ) + 2023/03/23 [redis未授权到shiro反序列化](https://xz.aliyun.com/t/11198) 在shiro中不错,可以尝试找其他触发点,基本上在数据库的操作上 ++ 2023/03/24 [Flink RCE via jar/plan API Endpoint in JDK8](https://mp.weixin.qq.com/s?srcid=0324U8WlT7MpOqTIt0vM2MJD&scene=23&sharer_sharetime=1679630653991&mid=2247495227&sharer_shareid=33fdea7abe6be586e131951d667ccd06&sn=5ab9bcc3d89d57ff9799f88c3363814c&idx=1&__biz=MzkyNDA5NjgyMg%3D%3D&chksm=c1d9ae62f6ae2774dd25902c116f6c24f3e5bbf68836f676c25aac53f2c6b771b4a3823c3e7e&mpshare=1#rd) **hessian的利用** From 24304a9f545ebf842434f36cacb1220c48c18fea Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 26 Mar 2023 23:25:59 +0800 Subject: [PATCH 75/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 7781424..bfe30ae 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -300,3 +300,4 @@ + 2023/03/19 [Django下防御Race Condition漏洞](https://mp.weixin.qq.com/s/9f5Hxoyw5ne8IcYx4uwwvQ) + 2023/03/23 [redis未授权到shiro反序列化](https://xz.aliyun.com/t/11198) 在shiro中不错,可以尝试找其他触发点,基本上在数据库的操作上 + 2023/03/24 [Flink RCE via jar/plan API Endpoint in JDK8](https://mp.weixin.qq.com/s?srcid=0324U8WlT7MpOqTIt0vM2MJD&scene=23&sharer_sharetime=1679630653991&mid=2247495227&sharer_shareid=33fdea7abe6be586e131951d667ccd06&sn=5ab9bcc3d89d57ff9799f88c3363814c&idx=1&__biz=MzkyNDA5NjgyMg%3D%3D&chksm=c1d9ae62f6ae2774dd25902c116f6c24f3e5bbf68836f676c25aac53f2c6b771b4a3823c3e7e&mpshare=1#rd) **hessian的利用** ++ 2023/03/26 [公开一个macOS命令执行技巧](https://mp.weixin.qq.com/s/GZ5eS_lHiBBb7jHNu6PUgg) **因为自己在使用了** 
From 9af26cc993bddda3ccc2a202e6f9b0e22d765470 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 27 Mar 2023 19:54:03 +0800 Subject: [PATCH 76/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index bfe30ae..6a21d12 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -301,3 +301,4 @@ + 2023/03/23 [redis未授权到shiro反序列化](https://xz.aliyun.com/t/11198) 在shiro中不错,可以尝试找其他触发点,基本上在数据库的操作上 + 2023/03/24 [Flink RCE via jar/plan API Endpoint in JDK8](https://mp.weixin.qq.com/s?srcid=0324U8WlT7MpOqTIt0vM2MJD&scene=23&sharer_sharetime=1679630653991&mid=2247495227&sharer_shareid=33fdea7abe6be586e131951d667ccd06&sn=5ab9bcc3d89d57ff9799f88c3363814c&idx=1&__biz=MzkyNDA5NjgyMg%3D%3D&chksm=c1d9ae62f6ae2774dd25902c116f6c24f3e5bbf68836f676c25aac53f2c6b771b4a3823c3e7e&mpshare=1#rd) **hessian的利用** + 2023/03/26 [公开一个macOS命令执行技巧](https://mp.weixin.qq.com/s/GZ5eS_lHiBBb7jHNu6PUgg) **因为自己在使用了** ++ 2023/03/27 [Exploiting memory corruption vulnerabilities on Android](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/) From 282f20b743e8af584e7c6c4f7c045de618cc54a6 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 29 Mar 2023 00:24:32 +0800 Subject: [PATCH 77/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 6a21d12..d96dcc5 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -302,3 +302,4 @@ + 2023/03/24 [Flink RCE via jar/plan API Endpoint in JDK8](https://mp.weixin.qq.com/s?srcid=0324U8WlT7MpOqTIt0vM2MJD&scene=23&sharer_sharetime=1679630653991&mid=2247495227&sharer_shareid=33fdea7abe6be586e131951d667ccd06&sn=5ab9bcc3d89d57ff9799f88c3363814c&idx=1&__biz=MzkyNDA5NjgyMg%3D%3D&chksm=c1d9ae62f6ae2774dd25902c116f6c24f3e5bbf68836f676c25aac53f2c6b771b4a3823c3e7e&mpshare=1#rd) **hessian的利用** + 2023/03/26 [公开一个macOS命令执行技巧](https://mp.weixin.qq.com/s/GZ5eS_lHiBBb7jHNu6PUgg) **因为自己在使用了** + 2023/03/27 [Exploiting memory corruption vulnerabilities on Android](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/) ++ 2023/03/29 [zeppelin 未授权任意命令执行漏洞复现](https://edu.hetianlab.com/post/94) From 20b5786ca9b869a15db0ec7a4f46909763ac2ac1 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 31 Mar 2023 18:46:35 +0800 Subject: [PATCH 78/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index d96dcc5..334f5cb 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -303,3 +303,4 @@ + 2023/03/26 [公开一个macOS命令执行技巧](https://mp.weixin.qq.com/s/GZ5eS_lHiBBb7jHNu6PUgg) **因为自己在使用了** + 2023/03/27 [Exploiting memory corruption vulnerabilities on Android](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/) + 2023/03/29 [zeppelin 未授权任意命令执行漏洞复现](https://edu.hetianlab.com/post/94) ++ 2023/03/31 [SQL注入&预编译](https://forum.butian.net/share/1559) From 0cdb50a994eb55971dcaedb1465a83dd0d3d0443 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 31 Mar 2023 23:50:21 +0800 Subject: [PATCH 79/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 334f5cb..fbd35d5 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -303,4 +303,5 @@ + 2023/03/26 [公开一个macOS命令执行技巧](https://mp.weixin.qq.com/s/GZ5eS_lHiBBb7jHNu6PUgg) **因为自己在使用了** + 2023/03/27 [Exploiting memory corruption vulnerabilities on Android](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/) + 2023/03/29 [zeppelin 未授权任意命令执行漏洞复现](https://edu.hetianlab.com/post/94) -+ 2023/03/31 [SQL注入&预编译](https://forum.butian.net/share/1559) ++ 2023/03/31 [SQL注入&预编译](https://forum.butian.net/share/1559) ++ 2023/03/31 [The curl quirk that exposed Burp Suite & Google Chrome](https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome) **@的问题** From f1466e40c539bf66fbeee93a55d257fa9072de71 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 2 Apr 2023 12:36:47 +0800 Subject: [PATCH 80/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index fbd35d5..20f0e65 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -305,3 +305,4 @@ + 2023/03/29 [zeppelin 未授权任意命令执行漏洞复现](https://edu.hetianlab.com/post/94) + 2023/03/31 [SQL注入&预编译](https://forum.butian.net/share/1559) + 2023/03/31 [The curl quirk that exposed Burp Suite & Google Chrome](https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome) **@的问题** ++ 2023/04/02 [日志库logback的攻击路径](https://mp.weixin.qq.com/s/OBwxaijYCjnvo8I0OBusug) From 107eef4293456b781659d8cf19b02e8828a481cf Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 2 Apr 2023 13:52:56 +0800 Subject: [PATCH 81/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 20f0e65..8a312d9 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -306,3 +306,4 @@ + 2023/03/31 [SQL注入&预编译](https://forum.butian.net/share/1559) + 2023/03/31 [The curl quirk that exposed Burp Suite & Google Chrome](https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome) **@的问题** + 2023/04/02 [日志库logback的攻击路径](https://mp.weixin.qq.com/s/OBwxaijYCjnvo8I0OBusug) ++ 2023/04/03 [SSRF payloads](https://pravinponnusamy.medium.com/ssrf-payloads-f09b2a86a8b4) From a43e1358829651bf2ebb0cf4c5db9a3f9bec5ef8 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 2 Apr 2023 17:08:47 +0800 Subject: [PATCH 82/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 8a312d9..ee9b659 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -306,4 +306,5 @@ + 2023/03/31 [SQL注入&预编译](https://forum.butian.net/share/1559) + 2023/03/31 [The curl quirk that exposed Burp Suite & Google Chrome](https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome) **@的问题** + 2023/04/02 [日志库logback的攻击路径](https://mp.weixin.qq.com/s/OBwxaijYCjnvo8I0OBusug) -+ 2023/04/03 [SSRF payloads](https://pravinponnusamy.medium.com/ssrf-payloads-f09b2a86a8b4) ++ 2023/04/02 [SSRF payloads](https://pravinponnusamy.medium.com/ssrf-payloads-f09b2a86a8b4) ++ 2023/04/02 [DFA敏感词算法](https://mp.weixin.qq.com/s?__biz=MzU1ODcxNDgyMA==&mid=2247484121&idx=1&sn=2f1f40f73124aca46f6572f5235d945a&chksm=fc231872cb549164a13f5f74ce43201390aaeada5f5f897537c3999af583aac184f1ce81d504&mpshare=1&scene=23&srcid=0402QW1pkeLvwamFjHBi3hvz&sharer_sharetime=1680424676004&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) From 2e42e80cbf7c52818c6e849f70ae62818f16fc6d Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 12 Apr 2023 21:12:29 +0800 Subject: [PATCH 83/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index ee9b659..e4eb71e 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -308,3 +308,4 @@ + 2023/04/02 [日志库logback的攻击路径](https://mp.weixin.qq.com/s/OBwxaijYCjnvo8I0OBusug) + 2023/04/02 [SSRF payloads](https://pravinponnusamy.medium.com/ssrf-payloads-f09b2a86a8b4) + 2023/04/02 [DFA敏感词算法](https://mp.weixin.qq.com/s?__biz=MzU1ODcxNDgyMA==&mid=2247484121&idx=1&sn=2f1f40f73124aca46f6572f5235d945a&chksm=fc231872cb549164a13f5f74ce43201390aaeada5f5f897537c3999af583aac184f1ce81d504&mpshare=1&scene=23&srcid=0402QW1pkeLvwamFjHBi3hvz&sharer_sharetime=1680424676004&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) ++ 2023/04/12 [java-exploitation-restrictions-in](https://codewhitesec.blogspot.com/2023/04/java-exploitation-restrictions-in.html) From b2830fa50e3777a76560e6c14a0a61a502380553 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sat, 15 Apr 2023 18:12:17 +0800 Subject: [PATCH 84/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index e4eb71e..86fa42c 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -309,3 +309,4 @@ + 2023/04/02 [SSRF payloads](https://pravinponnusamy.medium.com/ssrf-payloads-f09b2a86a8b4) + 2023/04/02 [DFA敏感词算法](https://mp.weixin.qq.com/s?__biz=MzU1ODcxNDgyMA==&mid=2247484121&idx=1&sn=2f1f40f73124aca46f6572f5235d945a&chksm=fc231872cb549164a13f5f74ce43201390aaeada5f5f897537c3999af583aac184f1ce81d504&mpshare=1&scene=23&srcid=0402QW1pkeLvwamFjHBi3hvz&sharer_sharetime=1680424676004&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/04/12 [java-exploitation-restrictions-in](https://codewhitesec.blogspot.com/2023/04/java-exploitation-restrictions-in.html) ++ 2023/04/15 [Apache Solr 9.1 RCE 分析 CNVD-2023-27598](https://blog.noah.360.net/apache-solr-rce/) **todo** From 090712fbe5fca9150b86a0cfc07ad8a55fcb8074 Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 19 Apr 2023 11:24:37 +0800 Subject: [PATCH 85/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 86fa42c..47b3a2d 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -310,3 +310,4 @@ + 2023/04/02 [DFA敏感词算法](https://mp.weixin.qq.com/s?__biz=MzU1ODcxNDgyMA==&mid=2247484121&idx=1&sn=2f1f40f73124aca46f6572f5235d945a&chksm=fc231872cb549164a13f5f74ce43201390aaeada5f5f897537c3999af583aac184f1ce81d504&mpshare=1&scene=23&srcid=0402QW1pkeLvwamFjHBi3hvz&sharer_sharetime=1680424676004&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) + 2023/04/12 [java-exploitation-restrictions-in](https://codewhitesec.blogspot.com/2023/04/java-exploitation-restrictions-in.html) + 2023/04/15 [Apache Solr 9.1 RCE 分析 CNVD-2023-27598](https://blog.noah.360.net/apache-solr-rce/) **todo** ++ 2023/04/19 [RCE进入内网接管k8s并逃逸进xx网-实战科普教程(一)](https://mp.weixin.qq.com/s?__biz=MzIxNTIzMzM1Ng==&mid=2651106315&idx=1&sn=97e4337a8c5d95952ae44ddf358aa366&chksm=8c6b6a28bb1ce33e57b1985491e7375511a7e87be3a51bce751b94dacec2385a1477c4f89e24&mpshare=1&scene=23&srcid=0419GSbLma7eb91vWCxXAnsM&sharer_sharetime=1681872082937&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **学** From 0be06ea19db6c533e2ba5ee67a05652227ce0e20 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 31 May 2023 14:38:54 +0800 Subject: [PATCH 86/97] Create readme.md --- shell/Groovy/readme.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 shell/Groovy/readme.md diff --git a/shell/Groovy/readme.md b/shell/Groovy/readme.md new file mode 100644 index 0000000..1f20d18 --- /dev/null +++ b/shell/Groovy/readme.md @@ -0,0 +1,3 @@ +Groovy 安全 + +https://xz.aliyun.com/t/10703 
From f2a82c2f327caf4848ba9410eb07b0e49f1661c5 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Wed, 31 May 2023 15:16:29 +0800 Subject: [PATCH 87/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 47b3a2d..a960fd2 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -311,3 +311,4 @@ + 2023/04/12 [java-exploitation-restrictions-in](https://codewhitesec.blogspot.com/2023/04/java-exploitation-restrictions-in.html) + 2023/04/15 [Apache Solr 9.1 RCE 分析 CNVD-2023-27598](https://blog.noah.360.net/apache-solr-rce/) **todo** + 2023/04/19 [RCE进入内网接管k8s并逃逸进xx网-实战科普教程(一)](https://mp.weixin.qq.com/s?__biz=MzIxNTIzMzM1Ng==&mid=2651106315&idx=1&sn=97e4337a8c5d95952ae44ddf358aa366&chksm=8c6b6a28bb1ce33e57b1985491e7375511a7e87be3a51bce751b94dacec2385a1477c4f89e24&mpshare=1&scene=23&srcid=0419GSbLma7eb91vWCxXAnsM&sharer_sharetime=1681872082937&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **学** ++ 2023/05/31 [Nacos结合Spring Cloud Gateway RCE利用](https://xz.aliyun.com/t/11493) From ad71815b92bc5c81a674e479e2c35d817c1b96e3 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sat, 3 Jun 2023 17:50:33 +0800 Subject: [PATCH 88/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index a960fd2..dff0eb0 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -312,3 +312,4 @@ + 2023/04/15 [Apache Solr 9.1 RCE 分析 CNVD-2023-27598](https://blog.noah.360.net/apache-solr-rce/) **todo** + 2023/04/19 [RCE进入内网接管k8s并逃逸进xx网-实战科普教程(一)](https://mp.weixin.qq.com/s?__biz=MzIxNTIzMzM1Ng==&mid=2651106315&idx=1&sn=97e4337a8c5d95952ae44ddf358aa366&chksm=8c6b6a28bb1ce33e57b1985491e7375511a7e87be3a51bce751b94dacec2385a1477c4f89e24&mpshare=1&scene=23&srcid=0419GSbLma7eb91vWCxXAnsM&sharer_sharetime=1681872082937&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **学** + 2023/05/31 [Nacos结合Spring Cloud Gateway RCE利用](https://xz.aliyun.com/t/11493) ++ 2023/06/03 [Nevado JMS反序列化审计tips](https://novysodope.github.io/2023/04/01/95/) From 97f575a8c79e5c7f67afed23bced47ac87a00a64 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sat, 3 Jun 2023 18:00:28 +0800 Subject: [PATCH 89/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index dff0eb0..f3df6af 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -313,3 +313,4 @@ + 2023/04/19 [RCE进入内网接管k8s并逃逸进xx网-实战科普教程(一)](https://mp.weixin.qq.com/s?__biz=MzIxNTIzMzM1Ng==&mid=2651106315&idx=1&sn=97e4337a8c5d95952ae44ddf358aa366&chksm=8c6b6a28bb1ce33e57b1985491e7375511a7e87be3a51bce751b94dacec2385a1477c4f89e24&mpshare=1&scene=23&srcid=0419GSbLma7eb91vWCxXAnsM&sharer_sharetime=1681872082937&sharer_shareid=33fdea7abe6be586e131951d667ccd06#rd) **学** + 2023/05/31 [Nacos结合Spring Cloud Gateway RCE利用](https://xz.aliyun.com/t/11493) + 2023/06/03 [Nevado JMS反序列化审计tips](https://novysodope.github.io/2023/04/01/95/) ++ 2023/06/03 [Celery Redis未授权访问利用](https://forum.butian.net/share/224) From 06320d964a19c67ad06305ce6f51a0b33a72bf1c Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 4 Jun 2023 14:16:47 +0800 Subject: [PATCH 90/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index f3df6af..71e1c71 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -314,3 +314,4 @@ + 2023/05/31 [Nacos结合Spring Cloud Gateway RCE利用](https://xz.aliyun.com/t/11493) + 2023/06/03 [Nevado JMS反序列化审计tips](https://novysodope.github.io/2023/04/01/95/) + 2023/06/03 [Celery Redis未授权访问利用](https://forum.butian.net/share/224) ++ 2023/06/04 [cname记录是什么?他存在的意义是什么?](https://www.zhihu.com/question/22916306) From 059a82feb5048cc0b23f611230a808caeb08ecb7 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 5 Jun 2023 12:58:53 +0800 Subject: [PATCH 91/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 71e1c71..b0489dc 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -315,3 +315,4 @@ + 2023/06/03 [Nevado JMS反序列化审计tips](https://novysodope.github.io/2023/04/01/95/) + 2023/06/03 [Celery Redis未授权访问利用](https://forum.butian.net/share/224) + 2023/06/04 [cname记录是什么?他存在的意义是什么?](https://www.zhihu.com/question/22916306) ++ 2023/06/05 [ImageMagick 参数注入](https://github.com/ImageMagick/ImageMagick/issues/6338) From 62ea34e74a7a48e93f66684e295caa1c4210de04 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Mon, 5 Jun 2023 22:08:24 +0800 Subject: [PATCH 92/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) 
diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index b0489dc..5352177 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -316,3 +316,4 @@ + 2023/06/03 [Celery Redis未授权访问利用](https://forum.butian.net/share/224) + 2023/06/04 [cname记录是什么?他存在的意义是什么?](https://www.zhihu.com/question/22916306) + 2023/06/05 [ImageMagick 参数注入](https://github.com/ImageMagick/ImageMagick/issues/6338) ++ 2023/06/05 [为什么我们需要收集URL?](https://mp.weixin.qq.com/s/nhU9gbRot3X8D_1AvkirUA) From d481c3578b122a9bb8d7d24a3248889d1078eeef Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 6 Jun 2023 11:38:22 +0800 Subject: [PATCH 93/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 5352177..a075ebe 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -317,3 +317,4 @@ + 2023/06/04 [cname记录是什么?他存在的意义是什么?](https://www.zhihu.com/question/22916306) + 2023/06/05 [ImageMagick 参数注入](https://github.com/ImageMagick/ImageMagick/issues/6338) + 2023/06/05 [为什么我们需要收集URL?](https://mp.weixin.qq.com/s/nhU9gbRot3X8D_1AvkirUA) ++ 2023/06/06 [justCTF2023-AWS Cognito认证服务的安全隐患](https://hpdoger.cn/2023/06/05/title:%20justCTF2023-AWS%20Cognito%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E7%9A%84%E5%AE%89%E5%85%A8%E9%9A%90%E6%82%A3/) **学习** From f1260ae49ecb1bda1c91811608fef7c3f5e15e2c Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 16 Jun 2023 21:25:27 +0800 Subject: [PATCH 94/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) 
diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index a075ebe..b4ac6f6 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -318,3 +318,4 @@ + 2023/06/05 [ImageMagick 参数注入](https://github.com/ImageMagick/ImageMagick/issues/6338) + 2023/06/05 [为什么我们需要收集URL?](https://mp.weixin.qq.com/s/nhU9gbRot3X8D_1AvkirUA) + 2023/06/06 [justCTF2023-AWS Cognito认证服务的安全隐患](https://hpdoger.cn/2023/06/05/title:%20justCTF2023-AWS%20Cognito%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E7%9A%84%E5%AE%89%E5%85%A8%E9%9A%90%E6%82%A3/) **学习** ++ 2023/06/16 [NGINX缓存原理及源码分析(一)](https://zhuanlan.zhihu.com/p/420983450) From ce6588308a2a340a77849833733c5fe65422f3a5 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Fri, 16 Jun 2023 21:29:01 +0800 Subject: [PATCH 95/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index b4ac6f6..30e3f6b 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -318,4 +318,4 @@ + 2023/06/05 [ImageMagick 参数注入](https://github.com/ImageMagick/ImageMagick/issues/6338) + 2023/06/05 [为什么我们需要收集URL?](https://mp.weixin.qq.com/s/nhU9gbRot3X8D_1AvkirUA) + 2023/06/06 [justCTF2023-AWS Cognito认证服务的安全隐患](https://hpdoger.cn/2023/06/05/title:%20justCTF2023-AWS%20Cognito%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E7%9A%84%E5%AE%89%E5%85%A8%E9%9A%90%E6%82%A3/) **学习** -+ 2023/06/16 [NGINX缓存原理及源码分析(一)](https://zhuanlan.zhihu.com/p/420983450) ++ 2023/06/16 [NGINX缓存原理及源码分析(一)](https://zhuanlan.zhihu.com/p/420983450) [cdn原理分析-本地搭建cdn模拟访问过程](https://mp.weixin.qq.com/s/u-VWrrdlkRzKs7u04EPV-g) From 3d3b9f1907662f851cf7cd698762795d43368502 Mon Sep 17 00:00:00 2001 
From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Sun, 2 Jul 2023 22:34:14 +0800 Subject: [PATCH 96/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index 30e3f6b..c6adbcc 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" @@ -319,3 +319,4 @@ + 2023/06/05 [为什么我们需要收集URL?](https://mp.weixin.qq.com/s/nhU9gbRot3X8D_1AvkirUA) + 2023/06/06 [justCTF2023-AWS Cognito认证服务的安全隐患](https://hpdoger.cn/2023/06/05/title:%20justCTF2023-AWS%20Cognito%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E7%9A%84%E5%AE%89%E5%85%A8%E9%9A%90%E6%82%A3/) **学习** + 2023/06/16 [NGINX缓存原理及源码分析(一)](https://zhuanlan.zhihu.com/p/420983450) [cdn原理分析-本地搭建cdn模拟访问过程](https://mp.weixin.qq.com/s/u-VWrrdlkRzKs7u04EPV-g) ++ 2023/07/02 [一种基于规则的 JavaWeb 回显方案](https://mp.weixin.qq.com/s/hIPz0LEk_OW_IpUbfKBYMg) From f66350052c3674c4c090cb24524b0559af905e33 Mon Sep 17 00:00:00 2001 From: Firebasky <63966847+Firebasky@users.noreply.github.com> Date: Tue, 11 Jul 2023 15:47:41 +0800 Subject: [PATCH 97/97] Update Readme.md --- "java\346\227\245\345\270\270/Readme.md" | 1 + 1 file changed, 1 insertion(+) diff --git "a/java\346\227\245\345\270\270/Readme.md" "b/java\346\227\245\345\270\270/Readme.md" index c6adbcc..a8914bd 100644 --- "a/java\346\227\245\345\270\270/Readme.md" +++ "b/java\346\227\245\345\270\270/Readme.md" 
@@ -320,3 +320,4 @@ + 2023/06/06 [justCTF2023-AWS Cognito认证服务的安全隐患](https://hpdoger.cn/2023/06/05/title:%20justCTF2023-AWS%20Cognito%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E7%9A%84%E5%AE%89%E5%85%A8%E9%9A%90%E6%82%A3/) **学习** + 2023/06/16 [NGINX缓存原理及源码分析(一)](https://zhuanlan.zhihu.com/p/420983450) [cdn原理分析-本地搭建cdn模拟访问过程](https://mp.weixin.qq.com/s/u-VWrrdlkRzKs7u04EPV-g) + 2023/07/02 [一种基于规则的 JavaWeb 回显方案](https://mp.weixin.qq.com/s/hIPz0LEk_OW_IpUbfKBYMg) ++ 2023/07/11 [企业微信密钥泄露利用小案例](https://mp.weixin.qq.com/s/mptsykGJHmRC87dYqFFqMw)
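Review bot: the Flink entry added in PATCH 74/97 keeps the full share-tracking query string on its mp.weixin.qq.com link, including `sharer_sharetime=1679630653991` and `sharer_shareid=33fdea7abe6be586e131951d667ccd06`, and the same `sharer_shareid` value recurs on the links added in PATCH 82/97 and PATCH 85/97. In a public README that makes every such entry attributable to one sharing account and timestamp. Use the short `https://mp.weixin.qq.com/s/<id>` form that other entries in this file already use (for example the logback entry in PATCH 80/97), or at least drop `srcid`, `scene`, `sharer_sharetime`, `sharer_shareid` and `mpshare` before committing.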
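Review bot: in PATCH 79/97 the `SQL注入&预编译` line is removed and re-added with no visible change to its text, so the "2 insertions, 1 deletion" stat appears to come from a whitespace or end-of-file newline difference rather than from content. End the file with a newline so that appending an entry is a pure one-line addition and real edits to existing entries stand out in review.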
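Review bot: PATCH 82/97 changes the date of the existing `SSRF payloads` entry from 2023/04/03 to 2023/04/02 in the same hunk that adds the DFA entry, under the subject "Update Readme.md". The new date agrees with the commit date (Sun, 2 Apr 2023), but the correction should be named in the commit message or made as its own commit so it is not read as an accidental rewrite of an older line.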
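Review bot: the link text `java-exploitation-restrictions-in` added in PATCH 83/97 is the truncated URL slug rather than a title, so the entry does not tell a reader which restrictions or which environment the article covers. Use the article's actual title as the link text and, as with neighbouring entries, add a short bold note if there is a reason it was collected.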
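Review bot: the new `shell/Groovy/readme.md` in PATCH 86/97 consists of an unformatted title line and a bare URL, and its file name is lowercase while the list file in this series is `Readme.md`. Make `Groovy 安全` a Markdown heading, wrap the URL as a titled link in the same `[title](url)` form the reading list uses, and pick one capitalisation for readme files across the repository.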
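Review bot: PATCH 95/97 appends the CDN article to the end of the existing 2023/06/16 NGINX line, so one list item now carries two links with no separator, unlike the one-dated-link-per-line layout of every other entry in the hunk. Put the CDN link on its own `+ 2023/06/16 [...]` line, or add explicit punctuation between the two links if they are meant to be read as a pair.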