File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 4747+ 2021/10/26 [ Hessian 原理分析] ( https://www.cnblogs.com/shangxiaofei/p/4222170.html ) 大概就是以二进制数组传输的rpc,存在反序列化问题。
4848+ 2021/10/26 [ XXL-JOB Hessian2反序列化漏洞] ( https://www.mi1k7ea.com/2021/04/22/XXL-JOB-Hessian2%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/ )
4949+ 2021/10/30 [ Mojarra JSF ViewState 反序列化漏洞] ( https://blog.csdn.net/xuandao_ahfengren/article/details/113135364 )
50- + 2021/11/02 [ 关于Java 中 XXE 的利用限制探究] ( https://www.freebuf.com/articles/web/284225.html ) ** 使用http外带数据不能有换行,使用ftp可以解决,但是ftp在java 8u131修复了这个漏洞 CVE-2017 -3533**
50+ + 2021/11/02 [ 关于Java 中 XXE 的利用限制探究] ( https://www.freebuf.com/articles/web/284225.html ) ** 使用http外带数据不能有换行,使用ftp可以解决,但是ftp在java 8u131修复了这个漏洞 CVE-2017 -3533** [ 代码修复 ] ( https://github.com/openjdk/jdk8u-dev/commit/644ddd7722bea502f029378c22d51b6eb66f8c25 )
5151+ 2021/11/02 [ Adobe ColdFusion 反序列化漏洞(CVE-2017 -3066)] ( https://github.com/vulhub/vulhub/blob/master/coldfusion/CVE-2017-3066/README.zh-cn.md ) 暴露接口反序列化。。。
5252+ 2021/11/03 [ 浅谈Liferay Portal JSON Web Service未授权反序列化远程代码执行漏洞] ( https://xz.aliyun.com/t/7485 )
5353+ 2021/11/03 [ H2 Database Console 未授权访问] ( https://github.com/vulhub/vulhub/blob/master/h2database/h2-console-unacc/README.zh-cn.md )
You can’t perform that action at this time.
0 commit comments