JavaVulnSummary 用来练习Java代码审计的集合。 分析文章 代码地址 由JDK7u21反序列化漏洞引起的对TemplatesImpl的深入学习 https://github.com/R17a-17/JavaVulnSummary/tree/main/ysoserial/src/main/java/com/r17a/ysoserial/jdk7u21 关于JDK7u21 Gadgets两个问题的探讨 https://github.com/R17a-17/JavaVulnSummary/tree/main/ysoserial/src/main/java/com/r17a/ysoserial/jdk7u21 WebLogic CVE-2021-2135分析及POC构造遇到的问题 https://github.com/R17a-17/JavaVulnSummary/blob/main/weblogic/src/main/java/com/r17a/weblogic/cve/CVE_2021_2135.java 反序列化入口PriorityQueue分析及相关Gadget总结 https://github.com/R17a-17/JavaVulnSummary/blob/main/weblogic/src/main/java/com/r17a/weblogic/https://github.com/R17a-17/JavaVulnSummary/tree/main/ysoserial/src/main/java/com/r17a/ysoserial/ Java反序列化和集合之间的渊源 https://github.com/R17a-17/JavaVulnSummary/tree/main/ysoserial/src/main/java/com/r17a/ysoserial/ Jenkins Nested View插件XXE漏洞(CVE-2021-21680)分析 Java XXE漏洞实验及总结 https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/securitymissconfig/xxe Jenkins Code Coverage API 插件漏洞分 https://github.com/R17a-17/JavaVulnSummary/blob/main/jenkins/src/main/java/com/r17a/jenkins/CVE_2021_21677.java Java命令执行总结 https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/injection/command Java文件操作类漏洞总结 https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/file Java SSRF漏洞总结 https://github.com/R17a-17/JavaVulnSummary/blob/main/owasp/src/main/java/com/r17a/commonvuln/ssrf/Ssrf.java [URL跳转和重定向](https://r17a-17.github.io/2021/09/21/Java URL跳转总结/) Java SecurityManager学习 https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/securitymissconfig/securitymanager 一文读懂OGNL漏洞Java表达式注入 https://github.com/R17a-17/JavaVulnSummary/tree/main/owasp/src/main/java/com/r17a/commonvuln/injection/expression