lca

真正的不自由，是在自己的心中设下牢笼。

fastjson

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

fastjson 1268 jkd11 writefile

参考：https://github.com/lemono0/FastJsonPart 主打一个过程复现，理解漏洞利用流程，网上很多大佬的文章，文章写的很好，但作为基础学习还是不够（特别是用 idea 编译 java 文件，如何解决依赖等基础问题…

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

fastjson漏洞复现-1268-jdbc

启动环境，访问站点，抓取登陆处的包删除右括号，报错报错探测 fastjson 的版本 Copy { "@type": "java.lang.AutoCloseable" 版本为 1.2.68 此环境可以配合 Mysql-JDBC 反序列化打 fastjson 参考…

漏洞复现1 min

Ownership of this blog data is guaranteed by blockchain and smart contracts to the creator alone.

Blockchain ID
#53657
Owner
0x0bd0c6639592f2265c3dcd019be4fe39e5b00428
Transaction Hash
Creation 0x34535011...6d5df05b8a Last Update 0xe5b1f072...d2b4843c0d
IPFS Address
ipfs://QmWPgfA7jGwZNo43JoDAKZUrQmgF22eKkG55SDBL4Xy7JD