The articles in this series are aimed at people who have a basic knowledge of Java's basic syntax. The contents of this series of articles mainly include:
- Introduction to audit environment
- SQL vulnerability principle and actual case introduction
- XSS vulnerability principle and actual case introduction
- SSRF vulnerability principle and actual case introduction
- RCE vulnerability principle and actual case introduction
- Includes vulnerability principles and actual case introductions
- Serialization vulnerability principle and actual case introduction
- S2 series classic vulnerability analysis
- WebLogic series of classic vulnerability analysis
- fastjson series classic vulnerability analysis
- Jackson series classic vulnerability analysis, etc.
The content order may be slightly adjusted, but the overall content will not change. Finally, I hope that this series of articles can bring you a little gain.
This project contains the source code needed based on the above article
Have fun
本系列的文章面向人群主要是拥有 Java 基本语法基础的朋友,系列文章的内容主要包括:
- 审计环境介绍
- SQL 漏洞原理与实际案例介绍
- XSS 漏洞原理与实际案例介绍
- SSRF 漏洞原理与实际案例介绍
- RCE 漏洞原理与实际案例介绍
- 包含漏洞原理与实际案例介绍
- 序列化漏洞原理与实际案例介绍
- S2系列经典漏洞分析
- WebLogic 系列经典漏洞分析
- fastjson系列经典漏洞分析
- jackson系列经典漏洞分析等
可能内容顺序会略有调整,但是总体内容不会改变,最后希望这系列的文章能够给你带来一点收获。
本项目包含了基于上述文章中需要的源码
玩的开心