add jwt

JoyChou93 · JoyChou93 · commit 9acefb2b0c0d · 2022-11-21T18:44:54.000+08:00
diff --git a/java-sec-code.iml b/java-sec-code.iml
@@ -221,5 +221,6 @@
     <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils:1.9.4" level="project" />
     <orderEntry type="library" name="Maven: io.jsonwebtoken:jjwt:0.9.1" level="project" />
     <orderEntry type="library" name="Maven: com.auth0:java-jwt:4.0.0" level="project" />
+    <orderEntry type="library" name="Maven: cn.hutool:hutool-all:5.8.10" level="project" />
   </component>
 </module>
diff --git a/pom.xml b/pom.xml
@@ -300,6 +300,12 @@
             <version>4.0.0</version>
         </dependency>
 
+        <dependency>
+            <groupId>cn.hutool</groupId>
+            <artifactId>hutool-all</artifactId>
+            <version>5.8.10</version>
+        </dependency>
+
     </dependencies>
 
     <dependencyManagement>
diff --git a/src/main/java/org/joychou/controller/SSRF.java b/src/main/java/org/joychou/controller/SSRF.java
@@ -1,5 +1,6 @@
 package org.joychou.controller;
 
+import cn.hutool.http.HttpUtil;
 import org.joychou.security.SecurityUtil;
 import org.joychou.security.ssrf.SSRFException;
 import org.joychou.service.HttpService;
@@ -273,7 +274,7 @@ public String HttpSyncClients(@RequestParam("url") String url) {
 
 
     /**
-     * http://127.0.0.1:8080/ssrf/restTemplate/vuln?url=http://www.baidu.com <p>
+     * http://127.0.0.1:8080/ssrf/restTemplate/vuln1?url=http://www.baidu.com <p>
      * Only support HTTP protocol. <p>
      * Redirects: GET HttpMethod follow redirects by default, other HttpMethods do not follow redirects<p>
      * User-Agent: Java/1.8.0_102 <p>
@@ -294,5 +295,18 @@ public String RestTemplateUrl(String url){
     }
 
 
+    /**
+     * http://127.0.0.1:8080/ssrf/hutool/vuln?url=http://www.baidu.com <p>
+     * UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Hutool<p>
+     * Redirects: Do not follow redirects <p>
+     *
+     * @param url url
+     * @return contents of url
+     */
+    @GetMapping("/hutool/vuln")
+    public String hutoolHttp(String url){
+        return HttpUtil.get(url);
+    }
+
 
 }
