j3ers3
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 9 additions & 2 deletions b/‎README.md‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎deploy.sh‎
Lines changed: 1 addition & 0 deletions b/‎deploy.sh‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎hello.iml‎
Lines changed: 35 additions & 5 deletions b/‎hello.iml‎
Lines changed: 35 additions & 5 deletions
diff --git a/‎pom.xml‎
Lines changed: 94 additions & 16 deletions b/‎pom.xml‎
Lines changed: 94 additions & 16 deletions
diff --git a/‎src/main/java/com/best/hello/config/LoginHandlerInterceptor.java‎
Lines changed: 0 additions & 1 deletion b/‎src/main/java/com/best/hello/config/LoginHandlerInterceptor.java‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/main/java/com/best/hello/config/MvcConfig.java‎
Lines changed: 13 additions & 10 deletions b/‎src/main/java/com/best/hello/config/MvcConfig.java‎
Lines changed: 13 additions & 10 deletions
diff --git a/‎src/main/java/com/best/hello/controller/Admin.java‎
Lines changed: 37 additions & 0 deletions b/‎src/main/java/com/best/hello/controller/Admin.java‎
Lines changed: 37 additions & 0 deletions
@@ -2,7 +2,7 @@ FROM java:8
 
 VOLUME /tmp
 
-ADD hello-1.0.0-SNAPSHOT.jar app.jar
+ADD javasec.jar app.jar
 
 EXPOSE 8888
 
 
@@ -1,5 +1,5 @@
 # ☕️ Hello Java Sec ![Stage](https://img.shields.io/badge/Release-DEV-brightgreen.svg)
-> Java漏洞平台，结合漏洞代码和安全编码，帮助研发同学理解和减少漏洞
+> Java漏洞平台，结合漏洞代码和安全编码，帮助研发同学理解和减少漏洞，代码仅供参考
 
 ![](media/16304933749187.jpg)
 
@@ -22,7 +22,10 @@
 - [x] Actuator
 - [x] Fastjson
 - [x] Xstream
-- [ ] 越权
+- [x] Log4shell
+- [x] JNDI
+- [x] 越权
+- [x] Dos
 - [ ] more
 
 ![](media/16304936834843.jpg)
@@ -44,6 +47,10 @@ mvn clean package -DskipTests
 java -jar target/hello-1.0.0-SNAPSHOT.jar
 ```
 
+### Docker
+```
+bash deploy.sh
+```
 
 ## 技术架构
 - Java 1.8
 
@@ -0,0 +1 @@
+docker build -t javasec . && docker run -d -p 80:8888 -v /opt/javasec/logs:/logs javasec
@@ -33,7 +33,6 @@
     <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.13.3" level="project" />
     <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.30" level="project" />
     <orderEntry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
-    <orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.27" level="project" />
     <orderEntry type="library" name="Maven: com.zaxxer:HikariCP:3.4.5" level="project" />
     <orderEntry type="library" name="Maven: org.springframework:spring-jdbc:5.3.2" level="project" />
     <orderEntry type="library" name="Maven: org.springframework:spring-beans:5.3.2" level="project" />
@@ -94,7 +93,6 @@
     <orderEntry type="library" name="Maven: org.springframework:spring-web:5.3.2" level="project" />
     <orderEntry type="library" name="Maven: org.springframework:spring-webmvc:5.3.2" level="project" />
     <orderEntry type="library" name="Maven: org.springframework:spring-aop:5.3.2" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-context:5.3.2" level="project" />
     <orderEntry type="library" name="Maven: org.springframework:spring-expression:5.3.2" level="project" />
     <orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.24" level="project" />
     <orderEntry type="library" name="Maven: com.thoughtworks.xstream:xstream:1.4.10" level="project" />
@@ -111,8 +109,6 @@
     <orderEntry type="library" scope="RUNTIME" name="Maven: org.latencyutils:LatencyUtils:2.0.3" level="project" />
     <orderEntry type="library" name="Maven: org.jolokia:jolokia-core:1.4.0" level="project" />
     <orderEntry type="library" name="Maven: com.googlecode.json-simple:json-simple:1.1.1" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.13.3" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.13.3" level="project" />
     <orderEntry type="library" name="Maven: org.codehaus.groovy:groovy:2.5.14" level="project" />
     <orderEntry type="library" name="Maven: org.codehaus.groovy:groovy-ant:2.5.14" level="project" />
     <orderEntry type="library" name="Maven: org.apache.ant:ant:1.9.15" level="project" />
@@ -174,10 +170,44 @@
     <orderEntry type="library" name="Maven: commons-io:commons-io:2.11.0" level="project" />
     <orderEntry type="library" name="Maven: org.apache.shiro:shiro-spring:1.2.4" level="project" />
     <orderEntry type="library" name="Maven: org.apache.shiro:shiro-core:1.2.4" level="project" />
-    <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils:1.8.3" level="project" />
     <orderEntry type="library" name="Maven: org.apache.shiro:shiro-web:1.2.4" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.11.0" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.11.0" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.11.0" level="project" />
+    <orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.17" level="project" />
+    <orderEntry type="library" name="Maven: org.owasp.esapi:esapi:2.2.0.0" level="project" />
+    <orderEntry type="library" name="Maven: com.io7m.xom:xom:1.2.10" level="project" />
+    <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils:1.9.3" level="project" />
+    <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.2" level="project" />
+    <orderEntry type="library" name="Maven: commons-configuration:commons-configuration:1.10" level="project" />
+    <orderEntry type="library" name="Maven: commons-fileupload:commons-fileupload:1.3.3" level="project" />
+    <orderEntry type="library" name="Maven: log4j:log4j:1.2.17" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.commons:commons-collections4:4.2" level="project" />
+    <orderEntry type="library" name="Maven: org.apache-extras.beanshell:bsh:2.0b6" level="project" />
+    <orderEntry type="library" name="Maven: org.owasp.antisamy:antisamy:1.5.8" level="project" />
+    <orderEntry type="library" name="Maven: net.sourceforge.nekohtml:nekohtml:1.9.22" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpclient:4.5.13" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore:4.4.14" level="project" />
+    <orderEntry type="library" name="Maven: commons-codec:commons-codec:1.15" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-css:1.11" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-util:1.11" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-constants:1.11" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-i18n:1.11" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:xmlgraphics-commons:2.3" level="project" />
+    <orderEntry type="library" name="Maven: xml-apis:xml-apis-ext:1.3.04" level="project" />
+    <orderEntry type="library" name="Maven: xalan:xalan:2.7.2" level="project" />
+    <orderEntry type="library" name="Maven: xalan:serializer:2.7.2" level="project" />
+    <orderEntry type="library" name="Maven: xerces:xercesImpl:2.12.0" level="project" />
+    <orderEntry type="library" name="Maven: xml-apis:xml-apis:1.4.01" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.8.2" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.8.2" level="project" />
+    <orderEntry type="library" name="Maven: org.projectlombok:lombok:1.18.22" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.dubbo:dubbo:2.7.3" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-context:5.3.2" level="project" />
+    <orderEntry type="library" name="Maven: org.javassist:javassist:3.20.0-GA" level="project" />
+    <orderEntry type="library" name="Maven: io.netty:netty-all:4.1.55.Final" level="project" />
+    <orderEntry type="library" name="Maven: com.google.code.gson:gson:2.8.6" level="project" />
+    <orderEntry type="library" name="Maven: com.google.re2j:re2j:1.6" level="project" />
+    <orderEntry type="library" name="Maven: com.github.whvcse:easy-captcha:1.6.2" level="project" />
   </component>
 </module>
@@ -10,8 +10,8 @@
     </parent>
 
     <groupId>com.best</groupId>
-    <artifactId>hello</artifactId>
-    <version>1.0.2</version>
+    <artifactId>javasec</artifactId>
+    <version>1.7</version>
     <name>hello java sec</name>
     <description>Java Sec</description>
     <packaging>jar</packaging>
@@ -46,14 +46,14 @@
             <version>2.1.4</version>
         </dependency>
 
-        <!-- mysql -->
+        <!-- mysql驱动 -->
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
             <scope>runtime</scope>
         </dependency>
 
-        <!-- spring boot-->
+        <!-- spring boot Junit-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
@@ -65,14 +65,14 @@
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
 
-        <!-- 处理json数据, Fastjson 1.2.24存在rce漏洞 -->
+        <!-- Fastjson 1.2.24存在rce漏洞 -->
         <dependency>
             <groupId>com.alibaba</groupId>
             <artifactId>fastjson</artifactId>
             <version>1.2.24</version>
         </dependency>
 
-        <!-- 多个rce漏洞-->
+        <!-- xstream多个rce -->
         <dependency>
             <groupId>com.thoughtworks.xstream</groupId>
             <artifactId>xstream</artifactId>
@@ -98,11 +98,6 @@
             <version>1.4.0</version>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-core</artifactId>
-        </dependency>
-
         <!-- 引入groovy 来执行命令 -->
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
@@ -186,27 +181,110 @@
             <version>2.11.0</version>
         </dependency>
 
-        <!-- AMF RCE
+        <!-- webservice -->
+        <!--
         <dependency>
-            <groupId>org.apache.flex.blazeds</groupId>
-            <artifactId>flex-messaging-common</artifactId>
-            <version>4.7.2</version>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-spring-boot-starter-jaxws</artifactId>
+            <version>3.2.5</version>
         </dependency>
         -->
 
+        <!-- snakeyaml rce-->
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>1.17</version>
+        </dependency>
+
+        <!-- 高版本会报错! -->
+        <dependency>
+            <groupId>org.owasp.esapi</groupId>
+            <artifactId>esapi</artifactId>
+            <version>2.2.0.0</version>
+        </dependency>
+
+        <!-- log4j 远程代码执行 2.15.0依赖已修复 -->
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.8.2</version>
+        </dependency>
 
-        <!-- Spring Security -->
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-api</artifactId>
+            <version>2.8.2</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.22</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.dubbo</groupId>
+            <artifactId>dubbo</artifactId>
+            <version>2.7.3</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.google.re2j</groupId>
+            <artifactId>re2j</artifactId>
+            <version>1.6</version>
+
+        </dependency>
+
+        <dependency>
+            <groupId>com.github.whvcse</groupId>
+            <artifactId>easy-captcha</artifactId>
+            <version>1.6.2</version>
+        </dependency>
 
 
     </dependencies>
 
+
     <build>
         <plugins>
             <!-- 用于maven构建 -->
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>2.5.3</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>6.5.3</version>
+
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
             </plugin>
+
+            <plugin>
+                <groupId>org.cyclonedx</groupId>
+                <artifactId>cyclonedx-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <phase>compile</phase>
+                        <goals>
+                            <goal>makeAggregateBom</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <outputFormat>xml</outputFormat>
+                </configuration>
+            </plugin>
+
         </plugins>
     </build>
 
 
@@ -8,7 +8,6 @@
 public class LoginHandlerInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        // 用户登录成功后获取session
         Object session = request.getSession().getAttribute("LoginUser");
         if (session == null) {
             request.setAttribute("msg", "请先登录");
 
@@ -5,15 +5,11 @@
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-/**
- * 视图跳转
- */
 @Configuration
 public class MvcConfig implements WebMvcConfigurer {
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {
-        // 路由 -> 视图.html
-        registry.addViewController("/").setViewName("login");
+        registry.addViewController("/").setViewName("index");
         registry.addViewController("/login").setViewName("login");
         registry.addViewController("/index").setViewName("index");
         registry.addViewController("/index/xss").setViewName("xss");
@@ -33,17 +29,24 @@ public void addViewControllers(ViewControllerRegistry registry) {
         registry.addViewController("/index/password").setViewName("password");
         registry.addViewController("/index/xstream").setViewName("xstream");
         registry.addViewController("/index/fastjson").setViewName("fastjson");
+        registry.addViewController("/index/admin").setViewName("logs");
+        registry.addViewController("/index/xff").setViewName("xff");
+        registry.addViewController("/index/unauth").setViewName("unauth");
+        registry.addViewController("/index/jackson").setViewName("jackson");
+        registry.addViewController("/index/log4j").setViewName("log4j");
+        registry.addViewController("/index/jndi").setViewName("jndi");
+        registry.addViewController("/index/csrf").setViewName("csrf");
+        registry.addViewController("/index/dos").setViewName("dos");
+        registry.addViewController("/index/cors").setViewName("cors");
+        registry.addViewController("/index/captcha").setViewName("captcha_vul");
 
     }
 
-    /**
-     * 拦截器，判断是否登录成功
-     * todo
-     */
+
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(new LoginHandlerInterceptor())
                 .addPathPatterns("/**")
-                .excludePathPatterns("/user/login", "/login", "/", "/css/**", "/js/**", "/img/**");
+                .excludePathPatterns("/user/login", "/user/ldap", "/login", "/css/**", "/js/**", "/img/**", "/Unauth/**", "/captcha");
     }
 }
@@ -0,0 +1,37 @@
+package com.best.hello.controller;
+
+import com.alibaba.fastjson.JSON;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.catalina.util.ServerInfo;
+
+import org.springframework.stereotype.Controller;
+
+import org.springframework.web.bind.annotation.*;
+
+import java.util.HashMap;
+import java.util.Map;
+
+
+@Slf4j
+@Controller
+@RequestMapping("/admin")
+public class Admin {
+
+
+    @ApiOperation(value = "查询系统基本信息")
+    @GetMapping("/info")
+    @ResponseBody
+    public String sysInfo() {
+        Map<String, String> m = new HashMap<>();
+
+        m.put("app", "Hello Java SEC");
+        m.put("author", "nul1");
+        m.put("tomcat_version", ServerInfo.getServerInfo());
+        m.put("java_version", System.getProperty("java.version"));
+        m.put("fastjson_version", JSON.VERSION);
+
+        return JSON.toJSONString(m);
+    }
+
+}
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+docker build -t javasec . && docker run -d -p 80:8888 -v /opt/javasec/logs:/logs javasec`