feat:优化注释和文档

threedr3am · threedr3am · commit 2656940b8e52 · 2020-02-11T10:07:42.000+08:00
diff --git a/README.md b/README.md
@@ -1,17 +1,23 @@
 ### fastjson poc
-1. com.threedr3am.bug.fastjson.FastjsonSerialize 利用条件：fastjson <= 1.2.24 + Feature.SupportNonPublicField
+1. com.threedr3am.bug.fastjson.FastjsonSerialize(TemplatesImpl) 利用条件：fastjson <= 1.2.24 + Feature.SupportNonPublicField
 2. com.threedr3am.bug.fastjson.NoNeedAutoTypePoc 利用条件：fastjson < 1.2.48 不需要任何配置，默认配置通杀RCE
-3. ...
+3. com.threedr3am.bug.fastjson.HikariConfigPoc(HikariConfig) 利用条件：fastjson <= 1.2.59 RCE，需要开启AutoType
+4. com.threedr3am.bug.fastjson.CommonsProxyPoc(SessionBeanProvider) 利用条件：fastjson <= 1.2.61 RCE，需要开启AutoType
 
 ### jackson poc
 package：com.threedr3am.bug.jackson
 
 ### dubbo
-1. com.threedr3am.bug.dubbo.JdbcRowSetImplPoc 利用条件：存在rome依赖
+1. com.threedr3am.bug.dubbo.RomePoc 利用条件：存在rome依赖
+2. com.threedr3am.bug.dubbo.ResinPoc 利用条件：存在com.caucho:quercus依赖
+3. com.threedr3am.bug.dubbo.XBeanPoc 利用条件：存在org.apache.xbean:xbean-naming依赖
+4. com.threedr3am.bug.dubbo.SpringAbstractBeanFactoryPointcutAdvisorPoc 利用条件：存在org.springframework:spring-aop依赖
 
 ### Padding Oracle CBC
-1. com.threedr3am.bug.paddingoraclecbc.PaddingOracleCBC java实现padding oracle cbc
-2. com.threedr3am.bug.paddingoraclecbc.PaddingOracleCBC2 多组的java实现padding oracle cbc
+1. com.threedr3am.bug.paddingoraclecbc.PaddingOracle ```padding oracle java实现（多组密文实现）```
+2. com.threedr3am.bug.paddingoraclecbc.PaddingOracleCBC ```padding oracle cbc java实现（单组 <= 16bytes 密文实现）```
+3. com.threedr3am.bug.paddingoraclecbc.PaddingOracleCBC2 ```padding oracle cbc java实现（多组密文实现）```
+4. com.threedr3am.bug.paddingoraclecbc.PaddingOracleCBCForShiro ```shiro padding oracle cbc java实现```
 
 ### XXE
 paclage：com.threedr3am.bug.xxe
diff --git a/src/main/java/com/threedr3am/bug/fastjson/CommonsProxyPoc.java b/src/main/java/com/threedr3am/bug/fastjson/CommonsProxyPoc.java
@@ -10,6 +10,11 @@
 /**
  * fastjson <= 1.2.61 RCE，需要开启AutoType
  *
+ * <dependency>
+ *       <groupId>org.apache.commons</groupId>
+ *       <artifactId>commons-proxy</artifactId>
+ * </dependency>
+ *
  * @author threedr3am
  */
 public class CommonsProxyPoc {
diff --git a/src/main/java/com/threedr3am/bug/fastjson/HikariConfigPoc.java b/src/main/java/com/threedr3am/bug/fastjson/HikariConfigPoc.java
@@ -7,6 +7,12 @@
 /**
  * fastjson <= 1.2.59 RCE，需要开启AutoType
  *
+ *
+ * <dependency>
+ *       <groupId>com.zaxxer</groupId>
+ *       <artifactId>HikariCP</artifactId>
+ * </dependency>
+ *
  * @author threedr3am
  */
 public class HikariConfigPoc {
diff --git a/src/main/java/com/threedr3am/bug/fastjson/NoNeedAutoTypePoc.java b/src/main/java/com/threedr3am/bug/fastjson/NoNeedAutoTypePoc.java
@@ -6,6 +6,7 @@
 
 /**
  * fastjson 1.2.48以下不需要任何配置，默认配置通杀RCE
+ *
  * @author threedr3am
  */
 public class NoNeedAutoTypePoc {
diff --git a/src/main/java/com/threedr3am/bug/jackson/HikariConfigPoc.java b/src/main/java/com/threedr3am/bug/jackson/HikariConfigPoc.java
@@ -9,6 +9,11 @@
 /**
  * jackson-databind <= 2.7.9.6、<= 2.8.11.4、<= 2.9.9.3 RCE，需要开启DefaultType
  *
+ * <dependency>
+ *       <groupId>com.zaxxer</groupId>
+ *       <artifactId>HikariCP</artifactId>
+ * </dependency>
+ *
  * @author threedr3am
  */
 public class HikariConfigPoc {
