add rce

Author: JoyChou93

.gitignore

@@ -1,3 +1,4 @@
 .idea/
 .DS_Store
 target/
+*.iml

java-sec-code.iml

@@ -5,7 +5,7 @@
       <configuration />
     </facet>
   </component>
-  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_6">
+  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
     <output url="file://$MODULE_DIR$/target/classes" />
     <output-test url="file://$MODULE_DIR$/target/test-classes" />
     <content url="file://$MODULE_DIR$">

src/main/java/org/joychou/controller/Rce.java

@@ -0,0 +1,48 @@
+package org.joychou.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+
+/**
+ * author: JoyChou ([email protected])
+ * date:   2018.05.24
+ * desc:   java xxe vuls code
+ * fix:    filter parameters
+ */
+
+@Controller
+@RequestMapping("/rce")
+public class Rce {
+
+    @RequestMapping("/exec")
+    @ResponseBody
+    public String CommandExec(HttpServletRequest request){
+        String cmd = request.getParameter("cmd").toString();
+        Runtime run = Runtime.getRuntime();
+        try {
+            Process p = run.exec(cmd);
+            BufferedInputStream in = new BufferedInputStream(p.getInputStream());
+            BufferedReader inBr = new BufferedReader(new InputStreamReader(in));
+            String lineStr;
+            while ((lineStr = inBr.readLine()) != null)
+                return lineStr;
+            if (p.waitFor() != 0) {
+                if (p.exitValue() == 1)
+                    return "command exec failed";
+            }
+            inBr.close();
+            in.close();
+        } catch (Exception e) {
+            e.printStackTrace();
+            return "Except";
+        }
+        return "Cmd exec success.";
+    }
+}
+

src/main/java/org/joychou/controller/XMLInjection.java

@@ -1,17 +1,25 @@
 package org.joychou.controller;
 
+import com.sun.corba.se.impl.ior.OldJIDLObjectKeyTemplate;
 import org.springframework.stereotype.*;
 import org.springframework.web.bind.annotation.*;
 import javax.servlet.http.HttpServletRequest;
 import org.w3c.dom.Document;
 import org.xml.sax.helpers.XMLReaderFactory;
 import org.xml.sax.XMLReader;
 import java.io.StringReader;
+import java.net.URL;
+
 import org.xml.sax.InputSource;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Unmarshaller;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.SAXParserFactory;
 import javax.xml.parsers.SAXParser;
+import javax.xml.transform.stream.StreamSource;
+
 import org.xml.sax.helpers.DefaultHandler;
 import org.apache.commons.digester3.Digester;
 
@@ -104,4 +112,7 @@ public static String xxe_DocumentBuilder(HttpServletRequest request) {
             return "except";
         }
     }
+
+
+
 }