Commit 5701288

committed
update readme
1 parent 15a99fb commit 5701288

2 files changed

+25
-7
lines changed

README.md

Lines changed: 24 additions & 6 deletions
@@ -17,6 +17,7 @@
1717
- [远程命令执行](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Rce.java)
1818
- [反序列化](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Deserialize.java)
1919
- [文件上传](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/FileUpload.java)
20+
- [SQL注入](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SQLI.java)
2021

2122
## 如何运行
2223
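Review bot: the new list entry links to `.../controller/SQLI.java`, while the neighbouring entries point at PascalCase controller names (`Rce.java`, `Deserialize.java`, `FileUpload.java`); GitHub paths are case-sensitive, so confirm the file really is named `SQLI.java` or the link will 404. Apart from the casing question the entry follows the existing list format.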

@@ -106,6 +107,8 @@ if __name__ == '__main__':
106107

107108
## XXE
108109

110+
### 支持Xinclude的XXE
111+
109112
2018年08月22日更新支持XInclude的XXE漏洞代码,详情见代码。
110113

111114
POC
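Review bot: the inserted heading `### 支持Xinclude的XXE` spells the feature `Xinclude` while the sentence directly under it (and the Java code in this same commit) uses `XInclude`; pick one casing so a reader searching the README finds both mentions. The sentence also only says "详情见代码"; pointing at the `// fix code start` block in `XXE.java` would tell readers where the hardened version of this variant lives.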
@@ -117,25 +120,40 @@ POC
117120
</root>
118121
```
119122

120-
URL编码后
123+
URL编码后的payload
121124

122125
```
123126
http://localhost:8080/xxe/DocumentBuilder_xinclude?xml=%3C%3fxml+version%3d%221.0%22+%3f%3E%0d%0a%3Croot+xmlns%3axi%3d%22http%3a%2f%2fwww.w3.org%2f2001%2fXInclude%22%3E%0d%0a+%3Cxi%3ainclude+href%3d%22file%3a%2f%2f%2fetc%2fpasswd%22+parse%3d%22text%22%2f%3E%0d%0a%3C%2froot%3E
124127
```
125128

129+
详情可以查看[浅析xml之xinclude & xslt](https://www.anquanke.com/post/id/156227)
130+
126131
## SQL注入
127132

128-
POC
133+
### POC
134+
135+
访问
129136

130137
```
131138
http://localhost:8080/sqli/jdbc?name=joychou' or 'a'='a
132139
```
133140

134-
返回`joychou: 123 wilson: 456 lightless: 789`
141+
返回
142+
```
143+
joychou: 123 wilson: 456 lightless: 789
144+
```
135145

136-
正常访问`http://localhost:8080/sqli/jdbc?name=joychou`,返回`joychou: 123`
146+
正常访问
147+
```
148+
http://localhost:8080/sqli/jdbc?name=joychou
149+
```
150+
151+
返回
137152

138-
数据库配置:
153+
```
154+
joychou: 123
155+
```
156+
### 数据库配置
139157

140158
```sql
141159
/*
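Review bot: the heading hierarchy is now inconsistent: this hunk promotes the SQL injection `POC`, `数据库配置` and `说明` lines to `###` subheadings, but the XXE section's `POC` line a few lines above stays plain text; promote it too so both sections read the same. Two smaller points in the same hunk: the new fenced blocks around the URLs and the returned text carry no language tag while the block that follows uses ```sql, and the POC URL `http://localhost:8080/sqli/jdbc?name=joychou' or 'a'='a` contains unencoded spaces and quotes, so consider adding a URL-encoded form next to it, as the XXE section already does for its payload.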
@@ -180,7 +198,7 @@ SET FOREIGN_KEY_CHECKS = 1;
180198

181199
```
182200

183-
说明:
201+
### 说明
184202

185203
SQL注入修复方式采用预处理方式,修复见代码。
186204
Mybatis的`#{}`也是预处理方式处理SQL注入。
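Review bot: `### 说明` now matches the other subheadings added in this commit, but the text under it still says only "修复见代码"; name the file (`SQLI.java`, already linked from the vulnerability list) or the method that uses the prepared statement so readers can locate the fix without browsing the tree.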

src/main/java/org/joychou/controller/XXE.java

Lines changed: 1 addition & 1 deletion
@@ -138,7 +138,7 @@ public static String xxe_xinclude_DocumentBuilder(HttpServletRequest request) {
138138
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
139139

140140
dbf.setXIncludeAware(true); // 支持XInclude
141-
dbf.setNamespaceAware(true);
141+
dbf.setNamespaceAware(true); // 支持XInclude
142142

143143
// fix code start
144144
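Review bot: the comment change on `dbf.setNamespaceAware(true);` just repeats the `// 支持XInclude` comment from the line above, so it still does not say why namespace awareness is needed. The README POC declares `xmlns:xi="http://www.w3.org/2001/XInclude"` and uses `<xi:include>`, so a comment such as `// XInclude needs a namespace-aware parser to recognise xi:include` would explain why both settings are required for this variant.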
