SummerSec
diff --git a/‎.idea/artifacts/yaml_payload.xml‎
Lines changed: 14 additions & 0 deletions b/‎.idea/artifacts/yaml_payload.xml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎.idea/compiler.xml‎
Lines changed: 3 additions & 8 deletions b/‎.idea/compiler.xml‎
Lines changed: 3 additions & 8 deletions
diff --git a/‎.idea/misc.xml‎
Lines changed: 5 additions & 0 deletions b/‎.idea/misc.xml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 5 additions & 0 deletions b/‎README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎SnakeYAML/pom.xml‎
Lines changed: 0 additions & 19 deletions b/‎SnakeYAML/pom.xml‎
Lines changed: 0 additions & 19 deletions
diff --git a/‎SnakeYAML/src/main/java/com/AwesomeScriptEngineFactory.java‎
Lines changed: 0 additions & 92 deletions b/‎SnakeYAML/src/main/java/com/AwesomeScriptEngineFactory.java‎
Lines changed: 0 additions & 92 deletions
diff --git a/‎pom.xml‎
Lines changed: 20 additions & 5 deletions b/‎pom.xml‎
Lines changed: 20 additions & 5 deletions
diff --git a/‎src/main/java/com/drops/main/main.java‎
Lines changed: 0 additions & 2 deletions b/‎src/main/java/com/drops/main/main.java‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/main/java/com/drops/poc/SpringBootInfo.java‎
Lines changed: 91 additions & 0 deletions b/‎src/main/java/com/drops/poc/SpringBootInfo.java‎
Lines changed: 91 additions & 0 deletions
diff --git a/‎src/main/java/com/drops/poc/SpringBootInfoCheck.java‎
Lines changed: 36 additions & 0 deletions b/‎src/main/java/com/drops/poc/SpringBootInfoCheck.java‎
Lines changed: 36 additions & 0 deletions
@@ -7,3 +7,8 @@ TODO
 * 多线程
 * 
 
+
+
+## 参考项目
+
+https://github.com/woodpecker-appstore/springboot-vuldb
@@ -8,13 +8,11 @@
     <artifactId>SpringBootExploit</artifactId>
     <packaging>pom</packaging>
     <version>1.0-SNAPSHOT</version>
-    <modules>
-        <module>SnakeYAML</module>
-    </modules>
+
 
     <properties>
-        <maven.compiler.source>8</maven.compiler.source>
-        <maven.compiler.target>8</maven.compiler.target>
+        <maven.compiler.source>6</maven.compiler.source>
+        <maven.compiler.target>6</maven.compiler.target>
     </properties>
 
     <build>
@@ -63,6 +61,11 @@
     </build>
 
     <dependencies>
+        <dependency>
+            <groupId>com.googlecode.juniversalchardet</groupId>
+            <artifactId>juniversalchardet</artifactId>
+            <version>1.0.3</version>
+        </dependency>
         <dependency>
             <groupId>javax.servlet.jsp</groupId>
             <artifactId>jsp-api</artifactId>
@@ -74,6 +77,7 @@
             <artifactId>tomcat-embed-core</artifactId>
             <version>9.0.36</version>
         </dependency>
+
         <dependency>
             <groupId>com.nqzero</groupId>
             <artifactId>permit-reflect</artifactId>
@@ -95,11 +99,22 @@
             <version>8.0.10</version>
         </dependency>
 
+
         <dependency>
             <groupId>org.javassist</groupId>
             <artifactId>javassist</artifactId>
             <version>3.15.0-GA</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-expression</artifactId>
+            <version>5.3.1</version>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>fastjson</artifactId>
+            <version>1.2.73</version>
+        </dependency>
     </dependencies>
 
 
 
@@ -6,8 +6,6 @@
 import javafx.scene.Scene;
 import javafx.stage.Stage;
 
-import java.io.IOException;
-
 public class main extends Application {
 
     public static void main(String[] args) {
 
@@ -0,0 +1,91 @@
+package com.drops.poc;
+
+import com.drops.utils.PropertiesBean;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @ClassName: SpringBootInfo
+ * @Description: TODO
+ * @Author: Summer
+ * @Date: 2021/7/27 16:58
+ * @Version: v1.0.0
+ * @Description: Spring Boot Info
+ **/
+public class SpringBootInfo {
+    List<String> pointListV1 = new ArrayList<>();
+    List<String> pointListV2 = new ArrayList<>();
+    Map<String,String> h2Headers = new HashMap<>();
+    boolean SpringbootVersionV1 = false;
+    String[] basicPoint = new String[]{"cloudfoundryapplication","hystrix.stream" };
+    PropertiesBean properties;
+
+    public SpringBootInfo(){
+        h2Headers.put("Cache-Control", "max-age=0");
+
+        pointListV1.add("autoconfig");
+        pointListV1.add("heapdump");
+        pointListV1.add("dump");
+        pointListV1.add("mappings");
+        pointListV1.add("auditevents");
+        pointListV1.add("beans");
+        pointListV1.add("health");
+        pointListV1.add("configprops");
+        pointListV1.add("info");
+        pointListV1.add("loggers");
+        pointListV1.add("threaddump");
+        pointListV1.add("metrics");
+        pointListV1.add("trace");
+        pointListV1.add("env/spring.jmx.enabled");
+
+
+
+        pointListV2.add("actuator/auditevents");
+        pointListV2.add("actuator/beans");
+        pointListV2.add("actuator/health");
+        pointListV2.add("actuator/conditions");
+        pointListV2.add("actuator/configprops");
+        pointListV2.add("actuator/info");
+        pointListV2.add("actuator/loggers");
+        pointListV2.add("actuator/threaddump");
+        pointListV2.add("actuator/metrics");
+        pointListV2.add("actuator/httptrace");
+        pointListV2.add("actuator/mappings");
+        pointListV2.add("actuator/jolokia");
+        pointListV2.add("actuator/hystrix.stream");
+        pointListV2.add("actuator/env/spring.jmx.enabled");
+
+        pointListV2.add("monitor/auditevents");
+        pointListV2.add("monitor/beans");
+        pointListV2.add("monitor/conditions");
+        pointListV2.add("monitor/configprops");
+        pointListV2.add("monitor/env");
+        pointListV2.add("monitor/info");
+        pointListV2.add("monitor/loggers");
+        pointListV2.add("monitor/heapdump");
+        pointListV2.add("monitor/threaddump");
+        pointListV2.add("monitor/metrics");
+        pointListV2.add("monitor/scheduledtasks");
+        pointListV2.add("monitor/httptrace");
+        pointListV2.add("monitor/mappings");
+        pointListV2.add("monitor/jolokia");
+        pointListV2.add("monitor/hystrix.stream");
+    }
+
+
+
+
+    private void parseProperties(PropertiesBean properties){
+        if (properties.getHaveInfo()){
+            System.out.println("\tJVM信息:\t\t"+properties.getJvmName());
+            System.out.println("\t端口信息:\t\t"+properties.getServerPort());
+            System.out.println("\tJava版本:\t\t"+properties.getJavaVersion());
+            System.out.println("\t用户名:\t\t"+properties.getUserName());
+        }
+    }
+
+
+}
@@ -0,0 +1,36 @@
+package com.drops.poc;
+
+import com.drops.ui.MainController;
+
+/**
+ * @ClassName: SpringBootInfoCheck
+ * @Description: TODO
+ * @Author: Summer
+ * @Date: 2021/7/28 9:23
+ * @Version: v1.0.0
+ * @Description:
+ **/
+public class SpringBootInfoCheck {
+    public String url;
+    public String method;
+    public Integer timeout;
+    private MainController mainController;
+    private static final String DefalutEncoding = "UTF-8";
+
+
+    public SpringBootInfoCheck(){}
+
+    public void CheckPointInfo(String target, String method, Integer timeout){
+
+
+    }
+    // Spring Boot env端点存在环境属性覆盖和XStream反序列化漏洞
+    public void checkEnvPointV1(String target ){
+
+    }
+
+
+
+
+
+}
Original file line number	Diff line number	Diff line change
`@@ -7,3 +7,8 @@ TODO`
`7`	`7`	`* 多线程`
`8`	`8`	`*`
`9`	`9`
	`10`	`+`
	`11`	`+`
	`12`	`+## 参考项目`
	`13`	`+`
	`14`	`+https://github.com/woodpecker-appstore/springboot-vuldb`