Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit cab74a4

Browse filesBrowse files
JoyChou93JoyChou93
committed
1 parent 621c300 commit cab74a4
Copy full SHA for cab74a4

File tree

Expand file treeCollapse file tree

5 files changed

+48
-25
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

5 files changed

+48
-25
lines changed
Open diff view settings
Collapse file

‎java-sec-code.iml‎

Copy file name to clipboardExpand all lines: java-sec-code.iml
+3-1Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -212,7 +212,7 @@
212212
<orderEntry type="library" name="Maven: org.springframework.plugin:spring-plugin-metadata:1.2.0.RELEASE" level="project" />
213213
<orderEntry type="library" name="Maven: org.mapstruct:mapstruct:1.2.0.Final" level="project" />
214214
<orderEntry type="library" name="Maven: io.springfox:springfox-swagger-ui:2.9.2" level="project" />
215-
<orderEntry type="library" scope="PROVIDED" name="Maven: org.projectlombok:lombok:1.18.16" level="project" />
215+
<orderEntry type="library" scope="PROVIDED" name="Maven: org.projectlombok:lombok:1.18.20" level="project" />
216216
<orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.21" level="project" />
217217
<orderEntry type="library" name="Maven: org.springframework:spring-test:4.3.6.RELEASE" level="project" />
218218
<orderEntry type="library" name="Maven: junit:junit:4.12" level="project" />
@@ -228,5 +228,7 @@
228228
<orderEntry type="library" name="Maven: net.minidev:json-smart:2.2.1" level="project" />
229229
<orderEntry type="library" name="Maven: net.minidev:accessors-smart:1.1" level="project" />
230230
<orderEntry type="library" name="Maven: org.xmlbeam:xmlprojector:1.4.13" level="project" />
231+
<orderEntry type="library" name="Maven: org.postgresql:postgresql:42.3.1" level="project" />
232+
<orderEntry type="library" scope="RUNTIME" name="Maven: org.checkerframework:checker-qual:3.5.0" level="project" />
231233
</component>
232234
</module>
Collapse file

‎pom.xml‎

Copy file name to clipboardExpand all lines: pom.xml
+8-1Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -260,7 +260,7 @@
260260
<dependency>
261261
<groupId>org.projectlombok</groupId>
262262
<artifactId>lombok</artifactId>
263-
<version>1.18.16</version>
263+
<version>1.18.20</version>
264264
<scope>provided</scope>
265265
</dependency>
266266

@@ -330,6 +330,13 @@
330330
<version>1.4.13</version>
331331
</dependency>
332332

333+
<!-- CVE-2022-21724 -->
334+
<dependency>
335+
<groupId>org.postgresql</groupId>
336+
<artifactId>postgresql</artifactId>
337+
<version>42.3.1</version>
338+
</dependency>
339+
333340
</dependencies>
334341

335342
<dependencyManagement>
Collapse file

‎src/main/java/org/joychou/controller/Rce.java‎

Copy file name to clipboardExpand all lines: src/main/java/org/joychou/controller/Rce.java
+14Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
package org.joychou.controller;
22

33
import groovy.lang.GroovyShell;
4+
import lombok.extern.slf4j.Slf4j;
45
import org.springframework.web.bind.annotation.GetMapping;
56
import org.springframework.web.bind.annotation.RequestMapping;
67
import org.springframework.web.bind.annotation.RestController;
@@ -14,13 +15,15 @@
1415
import java.io.BufferedInputStream;
1516
import java.io.BufferedReader;
1617
import java.io.InputStreamReader;
18+
import java.sql.DriverManager;
1719

1820

1921
/**
2022
* Java code execute
2123
*
2224
* @author JoyChou @ 2018-05-24
2325
*/
26+
@Slf4j
2427
@RestController
2528
@RequestMapping("/rce")
2629
public class Rce {
@@ -128,5 +131,16 @@ public void groovyshell(String content) {
128131
groovyShell.evaluate(content);
129132
}
130133

134+
/**
135+
* <a href="https://github.com/JoyChou93/java-sec-code/wiki/CVE-2022-21724">CVE-2022-21724</a>
136+
*/
137+
@RequestMapping("/postgresql")
138+
public void postgresql(String jdbcUrlBase64) throws Exception{
139+
byte[] b = java.util.Base64.getDecoder().decode(jdbcUrlBase64);
140+
String jdbcUrl = new String(b);
141+
log.info(jdbcUrl);
142+
DriverManager.getConnection(jdbcUrl);
143+
}
144+
131145
}
132146

Collapse file

‎src/main/java/org/joychou/controller/XXE.java‎

Copy file name to clipboardExpand all lines: src/main/java/org/joychou/controller/XXE.java
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -234,7 +234,7 @@ public String DigesterSec(HttpServletRequest request) {
234234
* Use request.getInputStream to support UTF16 encoding.
235235
*/
236236
@RequestMapping(value = "/DocumentBuilder/vuln", method = RequestMethod.POST)
237-
public String DocumentBuilderVuln01(HttpServletRequest request) {
237+
public String DocumentBuilderVuln(HttpServletRequest request) {
238238
try {
239239
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
240240
DocumentBuilder db = dbf.newDocumentBuilder();
Collapse file

‎src/main/resources/templates/index.html‎

Copy file name to clipboardExpand all lines: src/main/resources/templates/index.html
+22-22Lines changed: 22 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -5,29 +5,29 @@
55
<title>Home Page</title>
66
</head>
77
<body>
8-
<p>Hello <span th:text="${user}"></span>.</p>
9-
<p>Welcome to login java-sec-code application. <a th:href="@{/appInfo}">Application Infomation</a></p>
10-
<p>
11-
<a th:href="@{/swagger-ui.html}">Swagger</a>&nbsp;&nbsp;
12-
<a th:href="@{/codeinject?filepath=/tmp;cat /etc/passwd}">CmdInject</a>&nbsp;&nbsp;
13-
<a th:href="@{/jsonp/getToken?_callback=test}">JSONP</a>&nbsp;&nbsp;
14-
<a th:href="@{/file/pic}">Picture Upload</a>&nbsp;&nbsp;
15-
<a th:href="@{/file/any}">File Upload</a>&nbsp;&nbsp;
16-
<a th:href="@{cors/sec/originFilter}">Cors</a>&nbsp;&nbsp;
17-
<a th:href="@{/path_traversal/vul?filepath=../../../../../etc/passwd}">PathTraversal</a>&nbsp;&nbsp;
18-
<a th:href="@{sqli/mybatis/vuln01?username=joychou' or '1'='1}">SqlInject</a>&nbsp;&nbsp;
19-
<a th:href="@{/ssrf/urlConnection/vuln?url=file:///etc/passwd}">SSRF</a>&nbsp;&nbsp;
20-
<a th:href="@{/rce/exec?cmd=whoami}">RCE</a>&nbsp;&nbsp;
21-
<a th:href="@{/ooxml/upload}">ooxml XXE</a>&nbsp;&nbsp;
22-
<a th:href="@{/xlsx-streamer/upload}">xlsx-streamer XXE</a>
23-
</p>
8+
<p>Hello <span th:text="${user}"></span>.</p>
9+
<p>Welcome to login java-sec-code application. <a th:href="@{/appInfo}">Application Infomation</a></p>
10+
<p>
11+
<a th:href="@{/swagger-ui.html}">Swagger</a>&nbsp;&nbsp;
12+
<a th:href="@{/codeinject?filepath=/tmp;cat /etc/passwd}">CmdInject</a>&nbsp;&nbsp;
13+
<a th:href="@{/jsonp/getToken?_callback=test}">JSONP</a>&nbsp;&nbsp;
14+
<a th:href="@{/file/pic}">Picture Upload</a>&nbsp;&nbsp;
15+
<a th:href="@{/file/any}">File Upload</a>&nbsp;&nbsp;
16+
<a th:href="@{cors/sec/originFilter}">Cors</a>&nbsp;&nbsp;
17+
<a th:href="@{/path_traversal/vul?filepath=../../../../../etc/passwd}">PathTraversal</a>&nbsp;&nbsp;
18+
<a th:href="@{sqli/mybatis/vuln01?username=joychou' or '1'='1}">SqlInject</a>&nbsp;&nbsp;
19+
<a th:href="@{/ssrf/urlConnection/vuln?url=file:///etc/passwd}">SSRF</a>&nbsp;&nbsp;
20+
<a th:href="@{/rce/exec?cmd=whoami}">RCE</a>&nbsp;&nbsp;
21+
<a th:href="@{/ooxml/upload}">ooxml XXE</a>&nbsp;&nbsp;
22+
<a th:href="@{/xlsx-streamer/upload}">xlsx-streamer XXE</a>
23+
</p>
2424

25-
<P>
26-
<a th:href="@{/jwt/createToken}">JWTCreateToken</a>
27-
<a th:href="@{/jwt/getName}">GetUserFromJWTToken</a>
28-
</P>
29-
<p>...</p>
30-
<a th:href="@{/logout}">logout</a>
25+
<P>
26+
<a th:href="@{/jwt/createToken}">JWTCreateToken</a>
27+
<a th:href="@{/jwt/getName}">GetUserFromJWTToken</a>
28+
</P>
29+
<p>...</p>
30+
<a th:href="@{/logout}">logout</a>
3131

3232
</body>
3333
</html>

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.