Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: hjk201960/learnjavabug
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: threedr3am/learnjavabug
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 9 commits
  • 86 files changed
  • 1 contributor

Commits on Feb 24, 2020

  1. feat:dubbo rouge新利用方式,大规模攻击dubbo客户端 

    1. 利用注册中心(例:zookeeper)可读写(未授权访问、弱口令、账号密码泄露等)攻击,导致dubbo客户端连接到恶意服务,恶意服务返回恶意序列化数据,导致客户端被反序列化RCE
2. 客户端序列化类型由注册中心控制,导致可被换成更易受攻击的原生java序列化类型进行攻击
    threedr3am committed Feb 24, 2020
    Configuration menu
    Copy the full SHA
    b049cc7 View commit details
    Browse the repository at this point in the history

Commits on Mar 29, 2021

  1. feat common 

    1. 添加两个常用shell
2. thymeleaf利用generator
    threedr3am committed Mar 29, 2021
    Configuration menu
    Copy the full SHA
    78e87fb View commit details
    Browse the repository at this point in the history

  2. Merge branch 'feature/dubbo-rouge'

    threedr3am committed Mar 29, 2021
    Configuration menu
    Copy the full SHA
    758d662 View commit details
    Browse the repository at this point in the history

Commits on Apr 6, 2021

  1. fix h2 RCE inject.sql

    threedr3am committed Apr 6, 2021
    Configuration menu
    Copy the full SHA
    04790a2 View commit details
    Browse the repository at this point in the history

Commits on Sep 18, 2021

  1. 添加shiro 1.7.1 auth bypass

    threedr3am committed Sep 18, 2021
    Configuration menu
    Copy the full SHA
    2f802e6 View commit details
    Browse the repository at this point in the history

Commits on Jun 21, 2022

  1. add CVE-2022-22980 Learning Demo

    threedr3am committed Jun 21, 2022
    Configuration menu
    Copy the full SHA
    e3b6694 View commit details
    Browse the repository at this point in the history

  2. add Query

    threedr3am committed Jun 21, 2022
    Configuration menu
    Copy the full SHA
    b5e8427 View commit details
    Browse the repository at this point in the history

Commits on Feb 22, 2024

  1. add CVE-2024-22243 & optimize project

    threedr3am committed Feb 22, 2024
    Configuration menu
    Copy the full SHA
    65a6bd4 View commit details
    Browse the repository at this point in the history

Commits on Mar 14, 2024

  1. fix any pom & add CVE-2024-22259 demo

    threedr3am committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    3f7fe9d View commit details
    Browse the repository at this point in the history
Loading