Java sec code is a very powerful and friendly project for learning Java vulnerability code.

中文文档

Introduce

This project can also be called Java vulnerability code.

Each vulnerability type code has a security vulnerability by default unless there is no vulnerability. The relevant fix code is in the comments or code. Specifically, you can view each vulnerability code and comments.

Vulnerability Code

Sort by letter.

• Actuators to RCE
• CORS
• CRLF Injection
• CSRF
• Deserialize
• Fastjson
• File Upload
• IP Forge
• Java RMI
• JSONP
• RCE
• SPEL
• SQL Injection
• SSRF
• URL Redirect
• URL whitelist Bypass
• XSS
• XXE

Vulnerability Description

• Actuators to RCE
• CORS
• CSRF
• Fastjson
• Java RMI
• JSONP
• SQLI
• URL whitelist Bypass
• XXE
• Others

How to run

• Tomcat
• IDEA
• JAR

Tomcat

• Exclude tomcat in pom.xml.

  <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      <exclusions>
          <exclusion>
              <groupId>org.springframework.boot</groupId>
              <artifactId>spring-boot-starter-tomcat</artifactId>
          </exclusion>
      </exclusions>
  </dependency>

• Build war package by mvn clean package.

• Copy war package to tomcat webapps directory.

• Start tomcat application.

Example:

http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami

return:

IDEA

Click run button.

Example:

http://localhost:8080/rce/exec?cmd=whoami

return:

JAR

Change war to jar in pom.xml.

<groupId>sec</groupId>
<artifactId>java-sec-code</artifactId>
<version>1.0.0</version>
<packaging>war</packaging>

Build package and run.

mvn clean package -DskipTests 
java -jar target/java-sec-code-1.0.0.jar

Donate

If you like the poject, you can donate to support me. With your support, I will be able to make Java sec code better 😎.

Alipay

Scan the QRcode to support Java sec code.