feat:cas-4.1 and 4.2 and 5.3骨架搭建完毕

使用cas，你需要熟悉overlays、idea project structure（即配置build输出目录和输出内容以及webapp目录配置）、tomcat deployment

Author: threedr3am

README.md

@@ -1,44 +1,68 @@
 *本项目仅用于安全研究，禁止使用本项目发起非法攻击，造成的后果使用者负责*
 
+---
+
 ### fastjson
 1. com.threedr3am.bug.fastjson.FastjsonSerialize(TemplatesImpl) 利用条件：fastjson <= 1.2.24 + Feature.SupportNonPublicField
 2. com.threedr3am.bug.fastjson.NoNeedAutoTypePoc 利用条件：fastjson < 1.2.48 不需要任何配置，默认配置通杀RCE
 3. com.threedr3am.bug.fastjson.HikariConfigPoc(HikariConfig) 利用条件：fastjson <= 1.2.59 RCE，需要开启AutoType
 4. com.threedr3am.bug.fastjson.CommonsProxyPoc(SessionBeanProvider) 利用条件：fastjson <= 1.2.61 RCE，需要开启AutoType
 
+---
+
 ### jackson
 package：com.threedr3am.bug.jackson
 
+---
+
 ### dubbo
 1. com.threedr3am.bug.dubbo.RomePoc 利用条件：存在rome依赖
 2. com.threedr3am.bug.dubbo.ResinPoc 利用条件：存在com.caucho:quercus依赖
 3. com.threedr3am.bug.dubbo.XBeanPoc 利用条件：存在org.apache.xbean:xbean-naming依赖
 4. com.threedr3am.bug.dubbo.SpringAbstractBeanFactoryPointcutAdvisorPoc 利用条件：存在org.springframework:spring-aop依赖
 
-### dubbo/dubbo-hessian2-safe-reinforcement
+#### dubbo/dubbo-hessian2-safe-reinforcement
 dubbo hessian2安全加固demo，使用黑名单方式禁止部分gadget
 
+---
+
 ### padding-oracle-cbc
 1. com.threedr3am.bug.paddingoraclecbc.PaddingOracle ```padding oracle java实现（多组密文实现）```
 2. com.threedr3am.bug.paddingoraclecbc.PaddingOracleCBC ```padding oracle cbc java实现（单组 <= 16bytes 密文实现）```
 3. com.threedr3am.bug.paddingoraclecbc.PaddingOracleCBC2 ```padding oracle cbc java实现（多组密文实现）```
 4. com.threedr3am.bug.paddingoraclecbc.PaddingOracleCBCForShiro ```shiro padding oracle cbc java实现```
 
+---
+
 ### xxe
 paclage：com.threedr3am.bug.xxe
 
+---
+
 ### commons-collections
 package：com.threedr3am.bug.collections
 
+---
+
 ###  security-anager
 package：com.threedr3am.bug.security.manager
 
+---
+
 ### rmi
 package：com.threedr3am.bug.rmi
 
+---
+
 ### tomcat
 tomcat相关漏洞
 
 #### ajp-bug
 tomcat ajp协议相关漏洞 
-1. com.threedr3am.bug.tomcat.ajp 任意文件读取和jsp渲染RCE CVE-2020-1938 
+1. com.threedr3am.bug.tomcat.ajp 任意文件读取和jsp渲染RCE CVE-2020-1938
+
+---
+
+### cas
+
+cas相关漏洞 

cas/4.1.7-4.2.x/pom.xml

@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <artifactId>cas</artifactId>
+    <groupId>com.xyh</groupId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+
+  <artifactId>4.1.7-4.2.x</artifactId>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>com.rimerosolutions.maven.plugins</groupId>
+        <artifactId>wrapper-maven-plugin</artifactId>
+        <version>0.0.4</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-war-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <warName>cas</warName>
+          <overlays>
+            <overlay>
+              <groupId>org.jasig.cas</groupId>
+              <artifactId>cas-server-webapp</artifactId>
+              <excludes>
+                <exclude>WEB-INF/cas.properties</exclude>
+                <exclude>WEB-INF/classes/log4j2.xml</exclude>
+              </excludes>
+            </overlay>
+          </overlays>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.3</version>
+        <configuration>
+          <source>1.7</source>
+          <target>1.7</target>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-maven-plugin</artifactId>
+        <version>${maven-jetty-plugin.version}</version>
+        <configuration>
+          <jettyXml>${basedir}/etc/jetty/jetty.xml,${basedir}/etc/jetty/jetty-ssl.xml,${basedir}/etc/jetty/jetty-https.xml</jettyXml>
+          <systemProperties>
+            <systemProperty>
+              <name>org.eclipse.jetty.annotations.maxWait</name>
+              <value>240</value>
+            </systemProperty>
+          </systemProperties>
+          <webApp>
+            <contextPath>/cas</contextPath>
+            <overrideDescriptor>${basedir}/etc/jetty/web.xml</overrideDescriptor>
+          </webApp>
+          <webAppConfig>
+            <allowDuplicateFragmentNames>true</allowDuplicateFragmentNames>
+          </webAppConfig>
+          <jvmArgs>-Dlog4j.configurationFile=/etc/cas/log4j2.xml -Xdebug -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n</jvmArgs>
+        </configuration>
+      </plugin>
+    </plugins>
+    <finalName>cas</finalName>
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.jasig.cas</groupId>
+      <artifactId>cas-server-webapp</artifactId>
+      <version>${cas.version}</version>
+      <type>war</type>
+      <scope>runtime</scope>
+    </dependency>
+  </dependencies>
+
+  <properties>
+    <cas.version>4.2.7</cas.version>
+    <maven-jetty-plugin.version>9.3.6.v20151106</maven-jetty-plugin.version>
+    <maven.compiler.source>1.7</maven.compiler.source>
+    <maven.compiler.target>1.7</maven.compiler.target>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <repositories>
+    <repository>
+      <id>sonatype-releases</id>
+      <url>http://oss.sonatype.org/content/repositories/releases/</url>
+    </repository>
+    <repository>
+      <id>sonatype-snapshots</id>
+      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
+    </repository>
+    <repository>
+      <id>shibboleth-releases</id>
+      <url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
+    </repository>
+  </repositories>
+
+</project>

cas/4.1.7-4.2.x/src/main/java/com/threedr3am/bug/cas/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * @author threedr3am
+ */
+package com.threedr3am.bug.cas;

cas/4.1.7-4.2.x/src/main/resources/log4j2.xml

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- Specify the refresh internal in seconds. -->
+<Configuration monitorInterval="60">
+    <Appenders>
+        <Console name="console" target="SYSTEM_OUT">
+            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
+        </Console>
+        <RollingFile name="file" fileName="cas.log" append="true"
+                     filePattern="cas-%d{yyyy-MM-dd-HH}-%i.log">
+            <PatternLayout pattern="%d %p [%c] - %m%n"/>
+            <Policies>
+                <OnStartupTriggeringPolicy />
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+                <TimeBasedTriggeringPolicy />
+            </Policies>
+        </RollingFile>
+        <RollingFile name="auditlogfile" fileName="cas_audit.log" append="true"
+                     filePattern="cas_audit-%d{yyyy-MM-dd-HH}-%i.log">
+            <PatternLayout pattern="%d %p [%c] - %m%n"/>
+            <Policies>
+                <OnStartupTriggeringPolicy />
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+                <TimeBasedTriggeringPolicy />
+            </Policies>
+        </RollingFile>
+        <RollingFile name="perfFileAppender" fileName="perfStats.log" append="true"
+                     filePattern="perfStats-%d{yyyy-MM-dd-HH}-%i.log">
+            <PatternLayout pattern="%m%n"/>
+            <Policies>
+                <OnStartupTriggeringPolicy />
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+                <TimeBasedTriggeringPolicy />
+            </Policies>
+        </RollingFile>
+    </Appenders>
+    <Loggers>
+        <AsyncLogger  name="org.jasig" level="info" additivity="false" includeLocation="true">
+            <AppenderRef ref="console"/>
+            <AppenderRef ref="file"/>
+        </AsyncLogger>
+        <AsyncLogger  name="org.springframework" level="warn" />
+        <AsyncLogger name="org.springframework.webflow" level="warn" />
+        <AsyncLogger name="org.springframework.web" level="warn" />
+        <AsyncLogger name="org.pac4j" level="warn" />
+        <!--
+        <AsyncLogger name="org.opensaml" level="debug" additivity="false">
+            <AppenderRef ref="console"/>
+            <AppenderRef ref="file"/>
+        </AsyncLogger>
+        <AsyncLogger name="org.ldaptive" level="debug" additivity="false">
+            <AppenderRef ref="console"/>
+            <AppenderRef ref="file"/>
+        </AsyncLogger>
+        <AsyncLogger name="com.hazelcast" level="debug" additivity="false">
+            <AppenderRef ref="console"/>
+            <AppenderRef ref="file"/>
+        </AsyncLogger>
+        -->
+        <AsyncLogger  name="org.apereo.cas.security" level="warn" additivity="false" includeLocation="true">
+            <AppenderRef ref="console"/>
+            <AppenderRef ref="file"/>
+        </AsyncLogger>
+        
+        <AsyncLogger name="perfStatsLogger" level="info" additivity="false" includeLocation="true">
+            <AppenderRef ref="perfFileAppender"/>
+        </AsyncLogger>
+
+        <AsyncLogger name="org.jasig.cas.web.flow" level="info" additivity="true" includeLocation="true">
+            <AppenderRef ref="file"/>
+        </AsyncLogger>
+        <AsyncLogger name="org.jasig.inspektr.audit.support" level="info" includeLocation="true">
+            <AppenderRef ref="auditlogfile"/>
+            <AppenderRef ref="file"/>
+        </AsyncLogger>
+        <AsyncRoot level="error">
+            <AppenderRef ref="console"/>
+        </AsyncRoot>
+    </Loggers>
+</Configuration>