JoyChou93
diff --git a/‎README.md‎
Lines changed: 73 additions & 64 deletions b/‎README.md‎
Lines changed: 73 additions & 64 deletions
diff --git a/‎README_zh.md‎
Lines changed: 97 additions & 0 deletions b/‎README_zh.md‎
Lines changed: 97 additions & 0 deletions
diff --git a/‎java-sec-code.iml‎
Lines changed: 1 addition & 0 deletions b/‎java-sec-code.iml‎
Lines changed: 1 addition & 0 deletions
@@ -1,111 +1,120 @@
-# Java Security Code
+# Java sec code
 
-## 介绍
 
-该项目也可以叫做Java Vulnerability Code(Java漏洞代码)。
+[中文文档](https://github.com/JoyChou93/java-sec-code/blob/master/README.md)
 
-每个漏洞类型代码默认存在安全漏洞（除非本身不存在漏洞），相关修复代码在注释里。具体可查看每个漏洞代码和注释。
+## Introduce
 
-## 漏洞代码
+This project can also be called Java vulnerability code. 
 
-- [XXE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XXE.java)
-- [SSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSRF.java)
-- [URL重定向](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLRedirect.java)
-- [IP伪造](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/IPForge.java)
-- [XSS](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XSS.java)
-- [CRLF注入](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/CRLFInjection.java)
-- [远程命令执行](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Rce.java)
-- [反序列化](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Deserialize.java)
-- [文件上传](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/FileUpload.java)
-- [SQL注入](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SQLI.java)
-- [URL白名单Bypass](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLWhiteList.java)
-- [Java RMI](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/RMI/Server.java)
-- [Fastjson](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Fastjson.java)
+Each vulnerability type code has a security vulnerability by default unless there is no vulnerability. The relevant fix code is in the comments or code. Specifically, you can view each vulnerability code and comments.
+
+## Vulnerability Code
+
+Sort by letter.
+
+- [Actuators to RCE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/resources/logback.xml)
 - [CORS](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/CORS.java)
+- [CRLF Injection](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/CRLFInjection.java)
+- [CSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/WebSecurityConfig.java)
+- [Deserialize](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Deserialize.java)
+- [Fastjson](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Fastjson.java)
+- [File Upload](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/FileUpload.java)
+- [IP Forge](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/IPForge.java)
+- [Java RMI](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/RMI/Server.java)
 - [JSONP](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/JSONP.java)
+- [RCE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Rce.java)
 - [SPEL](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SPEL.java)
-- [Actuators to RCE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/resources/logback.xml)
-- [CSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/WebSecurityConfig.java)
+- [SQL Injection](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SQLI.java)
+- [SSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSRF.java)
+- [URL Redirect](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLRedirect.java)
+- [URL whitelist Bypass](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLWhiteList.java)
+- [XSS](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XSS.java)
+- [XXE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XXE.java)
 
-## 漏洞说明
 
-- [Java RMI](https://github.com/JoyChou93/java-sec-code/wiki/Java-RMI)
-- [XXE](https://github.com/JoyChou93/java-sec-code/wiki/XXE)
-- [SQLI](https://github.com/JoyChou93/java-sec-code/wiki/SQL-Inject)
-- [Fastjson](https://github.com/JoyChou93/java-sec-code/wiki/Fastjson)
+## Vulnerability Description
+
+- [Actuators to RCE](https://github.com/JoyChou93/java-sec-code/wiki/Actuators-to-RCE)
 - [CORS](https://github.com/JoyChou93/java-sec-code/wiki/CORS)
 - [CSRF](https://github.com/JoyChou93/java-sec-code/wiki/CSRF)
+- [Fastjson](https://github.com/JoyChou93/java-sec-code/wiki/Fastjson)
+- [Java RMI](https://github.com/JoyChou93/java-sec-code/wiki/Java-RMI)
 - [JSONP](https://github.com/JoyChou93/java-sec-code/wiki/JSONP)
-- [Actuators to RCE](https://github.com/JoyChou93/java-sec-code/wiki/Actuators-to-RCE)
+- [SQLI](https://github.com/JoyChou93/java-sec-code/wiki/SQL-Inject)
 - [URL whitelist Bypass](https://github.com/JoyChou93/java-sec-code/wiki/URL-whtielist-Bypass)
+- [XXE](https://github.com/JoyChou93/java-sec-code/wiki/XXE)
 - [Others](https://github.com/JoyChou93/java-sec-code/wiki/others)
 
+## How to run
 
-## 如何运行
-
+- Tomcat
+- IDEA
+- JAR
 
 ### Tomcat
 
-1. 生成war包 `mvn clean package`
-2. 将target目录的war包，cp到Tomcat的webapps目录
-3. 重启Tomcat应用
+- Exclude tomcat in pom.xml.
 
+    ```
+    <dependency>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-web</artifactId>
+        <exclusions>
+            <exclusion>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-starter-tomcat</artifactId>
+            </exclusion>
+        </exclusions>
+    </dependency>
+    ```
+
+- Build war package by `mvn clean package`.
+- Copy war package to Tomcat webapps directory.
+- Start tomcat application.
+
+Example:
 
 ```
 http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami
 ```
- 
-返回
 
-``` 
+return:
+
+```
 Viarus
 ```
 
 ### IDEA
 
-如果想在IDEA中直接运行，需要在IDEA中添加Tomcat配置，步骤如下：
+Click `run` button.
 
-```
-Run -> Edit Configurations -> 添加TomcatServer(Local) -> Server中配置Tomcat路径 -> Deployment中添加Artifact选择java-sec-code:war exploded
-```
-
-![tomcat](https://github.com/JoyChou93/java-sec-code/raw/master/idea-tomcat.png)
-
-配置完成后，右上角直接点击run，即可运行。
+Example:
 
 ```
 http://localhost:8080/rce/exec?cmd=whoami
 ```
- 
-返回
 
-``` 
+return:
+
+```
 Viarus
 ```
 
----
-
-有人反馈不想额外下载Tomcat，想使用SpringBoot自带的Tomcat，所以额外说明。
-
-具体操作：执行`cp pom-idea.xml pom.xml`后，最后在IDEA中右键`Run Application`。
+### JAR
 
-### Jar包
+Change `war` to `jar` in `pom.xml`.
 
-
-有人反馈想直接打Jar包运行。具体操作：
-
-先修改pom.xml里的配置，将war改成jar
-
-``` 
-    <groupId>sec</groupId>
-    <artifactId>java-sec-code</artifactId>
-    <version>1.0.0</version>
-    <packaging>war</packaging>
+```
+<groupId>sec</groupId>
+<artifactId>java-sec-code</artifactId>
+<version>1.0.0</version>
+<packaging>war</packaging>
 ```
 
-再打包运行即可。
+Build package and run.
 
 ```
 mvn clean package -DskipTests 
-java -jar 打包后的jar包路径
-```
+java -jar target/java-sec-code-1.0.0.jar
+```
@@ -0,0 +1,97 @@
+# Java Security Code
+
+## 介绍
+
+该项目也可以叫做Java Vulnerability Code(Java漏洞代码)。
+
+每个漏洞类型代码默认存在安全漏洞（除非本身不存在漏洞），相关修复代码在注释里。具体可查看每个漏洞代码和注释。
+
+## 漏洞代码
+
+- [XXE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XXE.java)
+- [SSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSRF.java)
+- [URL重定向](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLRedirect.java)
+- [IP伪造](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/IPForge.java)
+- [XSS](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XSS.java)
+- [CRLF注入](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/CRLFInjection.java)
+- [远程命令执行](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Rce.java)
+- [反序列化](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Deserialize.java)
+- [文件上传](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/FileUpload.java)
+- [SQL注入](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SQLI.java)
+- [URL白名单Bypass](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLWhiteList.java)
+- [Java RMI](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/RMI/Server.java)
+- [Fastjson](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Fastjson.java)
+- [CORS](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/CORS.java)
+- [JSONP](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/JSONP.java)
+- [SPEL](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SPEL.java)
+- [Actuators to RCE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/resources/logback.xml)
+- [CSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/WebSecurityConfig.java)
+
+## 漏洞说明
+
+- [Java RMI](https://github.com/JoyChou93/java-sec-code/wiki/Java-RMI)
+- [XXE](https://github.com/JoyChou93/java-sec-code/wiki/XXE)
+- [SQLI](https://github.com/JoyChou93/java-sec-code/wiki/SQL-Inject)
+- [Fastjson](https://github.com/JoyChou93/java-sec-code/wiki/Fastjson)
+- [CORS](https://github.com/JoyChou93/java-sec-code/wiki/CORS)
+- [CSRF](https://github.com/JoyChou93/java-sec-code/wiki/CSRF)
+- [JSONP](https://github.com/JoyChou93/java-sec-code/wiki/JSONP)
+- [Actuators to RCE](https://github.com/JoyChou93/java-sec-code/wiki/Actuators-to-RCE)
+- [URL whitelist Bypass](https://github.com/JoyChou93/java-sec-code/wiki/URL-whtielist-Bypass)
+- [Others](https://github.com/JoyChou93/java-sec-code/wiki/others)
+
+
+## 如何运行
+
+
+### Tomcat
+
+1. 生成war包 `mvn clean package`
+2. 将target目录的war包，cp到Tomcat的webapps目录
+3. 重启Tomcat应用
+
+
+```
+http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami
+```
+ 
+返回
+
+``` 
+Viarus
+```
+
+### IDEA
+
+直接点击run按钮即可运行。
+
+```
+http://localhost:8080/rce/exec?cmd=whoami
+```
+ 
+返回
+
+``` 
+Viarus
+```
+
+
+
+### Jar包
+
+
+先修改pom.xml里的配置，将war改成jar。
+
+``` 
+    <groupId>sec</groupId>
+    <artifactId>java-sec-code</artifactId>
+    <version>1.0.0</version>
+    <packaging>war</packaging>
+```
+
+再打包运行即可。
+
+```
+mvn clean package -DskipTests 
+java -jar 打包后的jar包路径
+```
@@ -169,5 +169,6 @@
     <orderEntry type="library" name="Maven: org.springframework.security:spring-security-config:4.2.12.RELEASE" level="project" />
     <orderEntry type="library" name="Maven: org.springframework:spring-aop:4.3.6.RELEASE" level="project" />
     <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-security:2.1.5.RELEASE" level="project" />
+    <orderEntry type="library" name="Maven: commons-net:commons-net:3.6" level="project" />
   </component>
 </module>