This project can also be called Java vulnerability code.
The code for each vulnerability type is vulnerable by default, unless there is no vulnerability. The relevant fix is in the comments or in the code itself; see each vulnerability's code and comments for details.
Sorted alphabetically.
- Actuators to RCE
- CORS
- CRLF Injection
- CSRF
- Deserialize
- Fastjson
- File Upload
- IP Forge
- Java RMI
- JSONP
- RCE
- SPEL
- SQL Injection
- SSRF
- URL Redirect
- URL whitelist Bypass
- XSS
- XXE

Ways to run the application:
- Tomcat
- IDEA
- JAR

Tomcat:

- Exclude tomcat in pom.xml.

  ```xml
  <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      <exclusions>
          <exclusion>
              <groupId>org.springframework.boot</groupId>
              <artifactId>spring-boot-starter-tomcat</artifactId>
          </exclusion>
      </exclusions>
  </dependency>
  ```

- Build war package by `mvn clean package`.
- Copy war package to tomcat webapps directory.
- Start tomcat application.

Example:

```
http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami
```

return:

```
Viarus
```

IDEA:

Click run button.

Example:

```
http://localhost:8080/rce/exec?cmd=whoami
```

return:

```
Viarus
```

JAR:

- Change `war` to `jar` in `pom.xml`.

  ```xml
  <groupId>sec</groupId>
  <artifactId>java-sec-code</artifactId>
  <version>1.0.0</version>
  <packaging>war</packaging>
  ```

- Build package and run.

  ```
  mvn clean package -DskipTests
  java -jar target/java-sec-code-1.0.0.jar
  ```