Java 1.8.0_102 MySQL 8.0.17 Tomcat 8.5.11 IDEA git clone https://github.com/JoyChou93/java-sec-code Open in IDEA and click the run button. Example: return: Viarus Tomcat git clone https://github.com/JoyChou93/java-sec-code&cd java-sec-code ...
<artifactId>java-sec-code</artifactId> <version>1.0.0</version> <packaging>war</packaging> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.5.1.RELEASE</version> </parent> <dependencies> <dependency> <groupId>org.springfram...
* @desc: Java url redirect */ @Controller @RequestMapping("/urlRedirect") public class URLRedirect { /** * @disc: URL redirect vulnerability exists * @fix: Add a URL whitelist https://github.com/JoyChou93/trident/blob/master/src/main/java/CheckURL.java */ @GetMapping("/redirect") public String redir...
git clone https://github.com/JoyChou93/java-sec-code
cd java-sec-code
mvn clean package -DskipTests
java -jar target/java-sec-code-1.0.0.jar
Authenticate
http://localhost:8080/login
If you are not logged in, accessing any page will redirect you to the login page. The username & passwor...
* <a href="https://github.com/JoyChou93/java-sec-code/wiki/URL-whtielist-Bypass">More details</a> */ @GetMapping("/vuln/url_bypass") public void url_bypass(String url, HttpServletResponse res) throws IOException { logger.info("url: " + url); if (!SecurityUtil.isHttp(url)...
java-sec-code / .gitignore Latest commit: JoyChou93, add command inject, 40cf83b, Jul 31, 2019. 9 lines (9 loc...