Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 8140d9e

Browse filesBrowse files
Y4tackerY4tacker
authored
Update Java触发二次反序列化的点.md
更新二次反序列化利用点
1 parent cf52fcf commit 8140d9e
Copy full SHA for 8140d9e

File tree

Expand file treeCollapse file tree

1 file changed

+5
-0
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

1 file changed

+5
-0
lines changed
Open diff view settings
Collapse file

‎其他/Java二次反序列化/Java触发二次反序列化的点.md‎

Copy file name to clipboardExpand all lines: 其他/Java二次反序列化/Java触发二次反序列化的点.md
+5Lines changed: 5 additions & 0 deletions
  • Display the source diff
  • Display the rich diff
Original file line numberDiff line numberDiff line change
@@ -313,3 +313,8 @@ public class DemoTest {
313313
```
314314

315315
具体分析见https://y4tacker.github.io/2022/02/06/year/2022/2/c3p0%E7%9A%84%E4%B8%89%E4%B8%AAgadget%E7%9A%84%E5%AD%A6%E4%B9%A0/#hex%E5%BA%8F%E5%88%97%E5%8C%96%E5%AD%97%E8%8A%82%E5%8A%A0%E8%BD%BD%E5%99%A8
316+
317+
318+
## org.pac4j.core.profile.InternalAttributeHandler#restore
319+
使用{#sb64}rO0ABXN...serizalized_object_in_base64...,隐藏TemplatesImpl,可惜不是通用的
320+
参考链接:https://securitylab.github.com/advisories/GHSL-2022-085_pac4j/

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.