Giter Club home page Giter Club logo

eams's Introduction

Hello, I'm Martin. I do open source!


I'm a passionate developer from China

About me

  • 💼 Java Engineer

  • 📈 The only sustainable competitive advantage is the ability to learn over competitors.

  • ❤️ I love Coding, and building fun experiments

  • 💬 Ask me about anything here

Martin's github stats

Top Repositories


eams's People

Contributors

dependabot[bot] avatar martin-bian avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar

Forkers

hongmengark ttt555 bossding czmayu qinfengzhu n0madsoul 19977435420 hahagioi998 dawnsongpeng liangdaye suk-li 274843301 fuze2333

eams's Issues

There is a deserialization vulnerability

In EAMS/eams-framework/src/main/java/com/dimple/framework/config/ShiroConfig.java we can find a fixed key and uses this key to encrypt the rememberMe parameter in the cookie. It will cause deserialization vulnerability

xoSgmT.png

I set up a a local environment for attacks.

I found that the source code contains commons-collections-3.2.2.jar and commons-beanutils-1.9.4.jar dependency, which is actually a dependency included in shiro.
Using this dependency, it is possible to generate a deserialized payload and then encrypt the payload using the key obtained by blasting. write this payload after the rememberMe field and attack it. Successful RCE.

[xoSrpn.png](

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.