Skip to content

Commit

Permalink
blog
Browse files Browse the repository at this point in the history
  • Loading branch information
@seventeenman
seventeenman committed May 6, 2022
1 parent 07fd03a commit d51b76e
Show file tree
Hide file tree
Showing 3 changed files with 194 additions and 1 deletion.
2 changes: 1 addition & 1 deletion blog/2022-4-8.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ <h2 class="section-heading">补丁分析</h2>

<h2 class="section-heading">漏洞分析</h2>

<p>&nbsp;&nbsp;&nbsp;前面看到如果黑白名单逗没有匹配到并且AutoType开启,则直接调用TypeUtils.loadClass加载类。
<p>&nbsp;&nbsp;&nbsp;前面看到如果黑白名单中没有匹配到并且AutoType开启,则直接调用TypeUtils.loadClass加载类。
进入到TypeUtils.loadClass方法中可以看到匹配到L开头并且;结尾的类名后会去掉这两个字符再次load,
所以我们将@type的类名开头加入L,结尾加入;即可绕过。</p>

Expand Down
175 changes: 175 additions & 0 deletions blog/2022-5-8.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,175 @@
<!DOCTYPE html>
<html lang="en">

<head>

<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">

<title>Blog Of SEVENTEEN</title>

<link rel = "Shortcut Icon" href="../img/favicon.ico">

<!-- Bootstrap core CSS -->
<link href="../vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">

<!-- Custom fonts for this template -->
<link href="../vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
<link href='https://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet'
type='text/css'>
<link href='https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800'
rel='stylesheet' type='text/css'>

<!-- Custom styles for this template -->
<link href="../css/clean-blog.min.css" rel="stylesheet">

<!-- Code highlight-->
<link rel="stylesheet" href="../highlight/styles/ashes.min.css">

<!-- fancybox-->
<link href="../css/jquery.fancybox.min.css" rel="stylesheet">


</head>

<body>

<!-- Navigation -->
<nav class="navbar navbar-expand-lg navbar-light fixed-top" id="mainNav">
<div class="container">
<a class="navbar-brand" href="../index.html">Index</a>
<button class="navbar-toggler navbar-toggler-right" type="button" data-toggle="collapse"
data-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false"
aria-label="Toggle navigation">
Menu
<i class="fas fa-bars"></i>
</button>
<div class="collapse navbar-collapse" id="navbarResponsive">
<ul class="navbar-nav ml-auto">
<li class="nav-item">
<a class="nav-link" href="../index.html">Home</a>
</li>
<li class="nav-item">
<a class="nav-link" href="../about.html">About</a>
</li>
<li class="nav-item">
<a class="nav-link" href="../contact.html">Contact</a>
</li>
</ul>
</div>
</div>
</nav>

<!-- Page Header -->
<header class="masthead" style="background-image: url('../img/post-bg.jpeg')">
<div class="overlay"></div>
<div class="container">
<div class="row">
<div class="col-lg-8 col-md-10 mx-auto">
<div class="post-heading">
<h1>Fastjson不出网利用</h1>
<h2 class="subheading">Fastjson不出网利用</h2>
<span class="meta">Posted by
<a href="#">SEVENTEEN</a>
on May 8, 2022</span>
</div>
</div>
</div>
</div>
</header>

<!-- Post Content -->
<article>
<div class="container">
<div class="row">
<div class="col-lg-8 col-md-10 mx-auto">

<h2 class="section-heading">前言</h2>

<p>&nbsp;&nbsp;&nbsp;在不出网的情况下Fastjson无法使用rmi之类的方法来rce,所以这次来复现一下Fastjson不出网情况下的利用。</p>


<h2 class="section-heading">漏洞复现</h2>

<p>&nbsp;&nbsp;&nbsp;</p>

<a data-fancybox="gallery" href="../img/2022-5-8/1-1.jpg">
<img class="img-fluid" src="../img/2022-5-8/1-1.jpg" alt="">
</a>







<h2 class="section-heading">There Is Nothing Below</h2>
<p>&nbsp;&nbsp;&nbsp;</p>

<a href="#">
<img class="img-fluid" src="../img/post-bg.jpeg" alt="">
</a>
<span class="caption text-muted">Turn at the next intersection.</span>

<blockquote class="blockquote">
</blockquote>

</div>
</div>
</div>
</article>

<hr>

<!-- Footer -->
<footer>
<div class="container">
<div class="row">
<div class="col-lg-8 col-md-10 mx-auto">
<ul class="list-inline text-center">
<li class="list-inline-item">
<a href="#">
<span class="fa-stack fa-lg">
<i class="fas fa-circle fa-stack-2x"></i>
<i class="fab fa-twitter fa-stack-1x fa-inverse"></i>
</span>
</a>
</li>
<li class="list-inline-item">
<a href="#">
<span class="fa-stack fa-lg">
<i class="fas fa-circle fa-stack-2x"></i>
<i class="fab fa-facebook-f fa-stack-1x fa-inverse"></i>
</span>
</a>
</li>
<li class="list-inline-item">
<a href="#">
<span class="fa-stack fa-lg">
<i class="fas fa-circle fa-stack-2x"></i>
<i class="fab fa-github fa-stack-1x fa-inverse"></i>
</span>
</a>
</li>
</ul>
<p class="copyright text-muted">Copyright &copy; SEVENTEEN 2022</p>
</div>
</div>
</div>
</footer>

<!-- Bootstrap core JavaScript -->
<script src="../vendor/jquery/jquery.min.js"></script>
<script src="../vendor/bootstrap/js/bootstrap.bundle.min.js"></script>

<!-- Custom scripts for this template -->
<script src="../js/clean-blog.min.js"></script>

<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="../js/jquery.fancybox.min.js"></script>

</body>

</html>
18 changes: 18 additions & 0 deletions index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,24 @@ <h1>Blog Of SEVENTEEN</h1>
<div class="col-lg-8 col-md-10 mx-auto">



<div class="post-preview">
<a href="blog/2022-5-8.html">
<h2 class="post-title">
Fastjson不出网利用
</h2>
<h3 class="post-subtitle">
Fastjson不出网利用
</h3>
</a>
<p class="post-meta">Posted by
<a href="#">SEVENTEEN</a>
on May 8, 2022</p>
</div>

<hr>



<div class="post-preview">
<a href="blog/2022-4-12.html">
Expand Down

0 comments on commit d51b76e

Please sign in to comment.