JVWA

java 代码审计学习靶场,边学边完善

---

目前支持

• spring actuator (web 和 jmx 方式)
  • http://127.0.0.1:8999/actuator
  • http://127.0.0.1:8999/actuator/env
  • http://127.0.0.1:8999/actuator/heapdump
  • http://127.0.0.1:8999/actuator/mappings
  • http://127.0.0.1:8999/actuator/prometheus
• swagger
  • http://127.0.0.1:8999/swagger-resources
  • http://127.0.0.1:8999/swagger-ui.html
  • http://127.0.0.1:8999/v2/api-docs
• druid
  • http://127.0.0.1:8999/druid/login.html admin/admin
• spel注入
  • http://127.0.0.1:8999/spel?exec=1 无过滤
• mysql注入
  • http://127.0.0.1:8999/sqlinj/mysql/getbyid/1 无过滤
• postgresql注入
  • http://127.0.0.1:8999/sqlinj/postgre/getbyid/1 无过滤
• url跳转漏洞
  • http://127.0.0.1:8999/redirect/1?url= 无过滤
  • http://127.0.0.1:8999/redirect/2?url= 可以被绕过的白名单案例
  • http://127.0.0.1:8999/redirect/3?url= 反斜杠绕过
  • http://127.0.0.1:8999/redirect/safe?url= 安全案例
• 文件上传
  • http://127.0.0.1:8999/upload 无过滤/黑名单过滤/白名单过滤/安全案例
• ssrf
  • http://127.0.0.1:8999/ssrf/1?url= 无过滤
  • http://127.0.0.1:8999/ssrf/2?url= 重定向bypass
  • http://127.0.0.1:8999/ssrf/safe?url= 安全案例
• ssti(Thymeleaf)
  • http://127.0.0.1:8999/ssti/1?name=&name2= return可控(预处理)
  • http://127.0.0.1:8999/ssti/2?name= 视图名称可控
• log4j

---

部署方式

todo

---

参考的项目

• j3ers3/Hello-Java-Sec
• javaweb-rasp/javaweb-vuln
• LandGrey/SpringBootVulExploit
• JoyChou93/java-sec-code