Java sec code is a very powerful and friendly project for learning Java vulnerability code.

中文文档

This project can also be called Java vulnerability code.

Each vulnerability type code has a security vulnerability by default unless there is no vulnerability. The relevant fix code is in the comments or code. Specifically, you can view each vulnerability code and comments.

Sort by letter.

• Actuators to RCE
• CORS
• CRLF Injection
• CSRF
• Deserialize
• Fastjson
• File Upload
• IP Forge
• Java RMI
• JSONP
• RCE
• SPEL
• SQL Injection
• SSRF
• URL Redirect
• URL whitelist Bypass
• XSS
• XXE

• Actuators to RCE
• CORS
• CSRF
• Fastjson
• Java RMI
• JSONP
• SQLI
• URL whitelist Bypass
• XXE
• Others

• Tomcat
• IDEA
• JAR

• Exclude tomcat in pom.xml.

  <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      <exclusions>
          <exclusion>
              <groupId>org.springframework.boot</groupId>
              <artifactId>spring-boot-starter-tomcat</artifactId>
          </exclusion>
      </exclusions>
  </dependency>

• Build war package by mvn clean package.

• Copy war package to tomcat webapps directory.

• Start tomcat application.

Example:

http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami

return:

Viarus

Click run button.

Example:

http://localhost:8080/rce/exec?cmd=whoami

return:

Viarus

Change war to jar in pom.xml.

<groupId>sec</groupId>
<artifactId>java-sec-code</artifactId>
<version>1.0.0</version>
<packaging>war</packaging>

Build package and run.

mvn clean package -DskipTests 
java -jar target/java-sec-code-1.0.0.jar

If you like the poject, you can donate to support me. With your support, I will be able to make Java sec code better 😎.

Scan the QRcode to support Java sec code.