GitHub - Hdys0vn/sinks: Collection of sinks for Java vulnerability research

sinks:
  # Command injection
  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
  - { method: "<java.lang.ProcessBuilder: java.lang.Process start()>", index: base }
  - { method: "<java.lang.ProcessImpl: java.lang.Process start()>", index: base }
  - { method: "<java.lang.UNIXProcess: java.lang.Process start()>", index: base }

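`method` is the function signature, and `index` gives the position of the critical parameter: `0` means there is a risk if the first argument is user-controlled, and `base` means there is a risk if the base variable (the object the method is invoked on) is user-controlled.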
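
One way to read these entries, as an added example that is not part of the repository: the Python code below parses the sink lines, checks that each numeric `index` fits the signature's parameter list, and flags call sites whose user-controlled position matches the sink's `index`. The regex-based loader, the function names, and the call-site tuples are assumptions made for illustration, and the call sites are constructed sample data.

```python
import re

# Sink entries copied from the list above.
SINKS_YAML = '''
sinks:
  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
  - { method: "<java.lang.ProcessBuilder: java.lang.Process start()>", index: base }
'''

ENTRY = re.compile(r'method:\s*"(<[^"]+>)",\s*index:\s*([\w-]+)')
# <declaring.Class: return.Type name(param.Type,...)>
SIG = re.compile(r'^<([\w.$]+): ([\w.$\[\]]+) ([\w$<>]+)\((.*)\)>$')

def load_sinks(text):
    """Return {signature: index}; reject malformed or out-of-range entries."""
    sinks = {}
    for sig, idx in ENTRY.findall(text):
        m = SIG.match(sig)
        if not m:
            raise ValueError(f"bad signature: {sig}")
        params = [p for p in m.group(4).split(",") if p]
        if idx != "base":
            idx = int(idx)
            if not 0 <= idx < len(params):
                raise ValueError(f"index {idx} out of range for {sig}")
        sinks[sig] = idx
    return sinks

def flag_calls(sinks, calls):
    """calls: (location, signature, tainted), where tainted is a set holding
    'base' and/or the argument positions that carry user-controlled data."""
    return [loc for loc, sig, tainted in calls
            if sig in sinks and sinks[sig] in tainted]

# Constructed call sites, in the shape a taint analysis might report them.
EXEC = "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>"
START = "<java.lang.ProcessBuilder: java.lang.Process start()>"
CALLS = [
    ("PingServlet.java:21", EXEC, {0}),       # first argument is user-controlled
    ("Backup.java:40", EXEC, set()),          # constant command, nothing tainted
    ("Job.java:12", START, {"base"}),         # builder was fed user input
    ("Util.java:8", "<java.lang.String: int length()>", {"base"}),  # not a sink
]

if __name__ == "__main__":
    for loc in flag_calls(load_sinks(SINKS_YAML), CALLS):
        print("review:", loc)
```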
