JVWA

java 代码审计学习靶场,边学边完善

目前支持

spring actuator (web 和 jmx 方式)
- http://127.0.0.1:8999/actuator
- http://127.0.0.1:8999/actuator/env
- http://127.0.0.1:8999/actuator/heapdump
- http://127.0.0.1:8999/actuator/mappings
- http://127.0.0.1:8999/actuator/prometheus
swagger
- http://127.0.0.1:8999/swagger-resources
- http://127.0.0.1:8999/swagger-ui.html
- http://127.0.0.1:8999/v2/api-docs
druid
- http://127.0.0.1:8999/druid/login.html admin/admin
spel注入
- http://127.0.0.1:8999/spel?exec=1 无过滤
mysql注入
- http://127.0.0.1:8999/sqlinj/mysql/getbyid/1 无过滤
postgresql注入
- http://127.0.0.1:8999/sqlinj/postgre/getbyid/1 无过滤
url跳转漏洞
- http://127.0.0.1:8999/redirect/1?url= 无过滤
- http://127.0.0.1:8999/redirect/2?url= 可以被绕过的白名单案例
- http://127.0.0.1:8999/redirect/3?url= 反斜杠绕过
- http://127.0.0.1:8999/redirect/safe?url= 安全案例
文件上传
- http://127.0.0.1:8999/upload 无过滤/黑名单过滤/白名单过滤/安全案例
ssrf
- http://127.0.0.1:8999/ssrf/1?url= 无过滤
- http://127.0.0.1:8999/ssrf/2?url= 重定向bypass
- http://127.0.0.1:8999/ssrf/safe?url= 安全案例
ssti(Thymeleaf)
- http://127.0.0.1:8999/ssti/1?name=&name2= return可控(预处理)
- http://127.0.0.1:8999/ssti/2?name= 视图名称可控
log4j

todo

Name		Name	Last commit message	Last commit date
Latest commit History 28 Commits
src		src
.gitignore		.gitignore
README.md		README.md
exploit.iml		exploit.iml
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pom.xml		pom.xml
todo.md		todo.md