
Commit d34ba12

committed
add fastjson
1 parent 5091d36 commit d34ba12


5 files changed

+51
-5
lines changed


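--- a/README.md
+++ b/README.md
@@ -20,6 +20,8 @@
 - [SQL注入](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SQLI.java)
 - [URL白名单Bypass](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLWhiteList.java)
 - [Java RMI](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/RMI/Server.java)
+- [Fastjson](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/RMI/Fastjson.java)
+
 
 ## 漏洞说明
 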
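--- a/java-sec-code.iml
+++ b/java-sec-code.iml
@@ -59,11 +59,9 @@
 <orderEntry type="library" name="Maven: org.codehaus.groovy:groovy:2.4.7" level="project" />
 <orderEntry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
 <orderEntry type="library" name="Maven: com.google.protobuf:protobuf-java:2.6.0" level="project" />
-<orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.49" level="project" />
+<orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.24" level="project" />
 <orderEntry type="library" name="Maven: org.jdom:jdom2:2.0.6" level="project" />
 <orderEntry type="library" name="Maven: org.dom4j:dom4j:2.1.1" level="project" />
-<orderEntry type="library" name="Maven: org.apache.shiro:shiro-web:1.3.2" level="project" />
-<orderEntry type="library" name="Maven: org.apache.shiro:shiro-core:1.3.2" level="project" />
 <orderEntry type="library" name="Maven: com.google.guava:guava:21.0" level="project" />
 <orderEntry type="library" name="Maven: commons-collections:commons-collections:3.1" level="project" />
 <orderEntry type="library" name="Maven: commons-lang:commons-lang:2.4" level="project" />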

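--- a/pom.xml
+++ b/pom.xml
@@ -51,12 +51,14 @@
 </dependency>
 
 <!-- 处理json数据 -->
+<!-- https://mvnrepository.com/artifact/com.alibaba/fastjson -->
 <dependency>
 <groupId>com.alibaba</groupId>
 <artifactId>fastjson</artifactId>
-<version>1.2.49</version>
+<version>1.2.24</version>
 </dependency>
 
+
 <!-- jdom解析xml 最新版本为2.0.6 时间为2015-02-28 https://github.com/hunterhacker/jdom/releases-->
 <!-- https://mvnrepository.com/artifact/org.jdom/jdom2 -->
 <dependency>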
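Review bot: The `<version>` line moves fastjson backwards from 1.2.49 to 1.2.24 with no comment saying why, and the mvnrepository link added above the dependency does not explain it either. Given the Fastjson controller added in this same commit, the downgrade looks deliberate (fastjson releases before 1.2.25 accept type hints from the input by default), but a dependency scanner or a reader copying this pom has no way to tell. I would state it next to the version, e.g. `<!-- pinned to 1.2.24 on purpose for the /fastjson/deserialize demo; known-vulnerable, do not reuse -->`.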
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
package org.joychou.controller;
2+
3+
import com.alibaba.fastjson.JSON;
4+
import com.alibaba.fastjson.JSONObject;
5+
import org.springframework.stereotype.Controller;
6+
import org.springframework.web.bind.annotation.RequestBody;
7+
import org.springframework.web.bind.annotation.RequestMapping;
8+
import org.springframework.web.bind.annotation.RequestMethod;
9+
import org.springframework.web.bind.annotation.ResponseBody;
10+
11+
12+
13+
@Controller
14+
@RequestMapping("/fastjson")
15+
public class Fastjson {
16+
17+
@RequestMapping(value = "deserialize", method = {RequestMethod.POST })
18+
@ResponseBody
19+
public static String Deserialize(@RequestBody String params) {
20+
System.out.println(params);
21+
try {
22+
JSONObject ob = JSON.parseObject(params);
23+
return ob.get("name").toString();
24+
}catch (Exception e){
25+
e.printStackTrace();
26+
return e.toString();
27+
}
28+
}
29+
30+
public static void main(String[] args){
31+
String str = "{\"name\": \"fastjson\"}";
32+
JSONObject jo = JSON.parseObject(str);
33+
System.out.println(jo.get("name")); // fastjson
34+
}
35+
}
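Review bot: `Deserialize` hands the raw request body straight to `JSON.parseObject` while pom.xml in this commit pins fastjson to 1.2.24, and nothing in the class says the endpoint is deliberately unsafe. A Javadoc line on the method such as `/** Intentionally vulnerable demo: parses untrusted JSON with fastjson 1.2.24; the fix is a patched fastjson release. */` would keep it from being copied as a pattern. Separately, a body without a `name` key makes `ob.get("name")` null, and the catch block then sends `e.toString()` back to the caller; returning a fixed string such as `return "invalid request";` and keeping the detail in the server log avoids echoing internals. `System.out.println(params)` also writes the unfiltered body to stdout, which is worth a comment if it is there only for the exercise.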

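--- a/src/main/java/org/joychou/controller/Index.java
+++ b/src/main/java/org/joychou/controller/Index.java
@@ -1,10 +1,13 @@
 package org.joychou.controller;
 
 
+import com.alibaba.fastjson.JSON;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 
+import java.util.HashMap;
+import java.util.Map;
 
 
 /**
@@ -18,6 +21,12 @@ public class Index {
 @RequestMapping("/")
 @ResponseBody
 public static String index() {
-return "Welcome to java sec code home page by JoyChou([email protected])";
+Map m = new HashMap();
+m.put("app_name", "java_vul_code");
+m.put("java_version", System.getProperty("java.version"));
+m.put("fastjson_version", JSON.VERSION);
+
+// covert map to string
+return JSON.toJSONString(m);
 }
 }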
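Review bot: The new `index()` body returns `java.version` and `JSON.VERSION` to any caller of `/` (no access check is visible in the hunk), which tells a scanner exactly which runtime and fastjson build is deployed. If that is a lab convenience, say so in a comment, e.g. `// lab only: exposes versions so the vulnerable build can be confirmed`; otherwise drop the two version entries. The map is also declared with raw types; `Map<String, String> m = new HashMap<>();` compiles without the unchecked warning, and the comment above the return should read "convert".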
