GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → JoyChou93 → Java Sec Code

JoyChou93 / Java Sec Code

Java web common vulnerabilities and security code which is base on springboot and spring security

Programming Languages

java
68154 projects - #9 most used programming language

Labels

securitywebbenchmarkcodetomcatcorsrcesqlijsonp

Projects that are alternatives of or similar to Java Sec Code

Xrcross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Stars: ✭ 175 (-83.06%)
Mutual labels:  cors, rce, sqli
Instagram Proxy Api
CORS compliant API to access Instagram's public data
Stars: ✭ 245 (-76.28%)
Mutual labels:  jsonp, cors
Cazador unr
Hacking tools
Stars: ✭ 95 (-90.8%)
Mutual labels:  rce, sqli
Domainker
BugBounty Tool
Stars: ✭ 40 (-96.13%)
Mutual labels:  code, rce
SecExample
JAVA 漏洞靶场 (Vulnerability Environment For Java)
Stars: ✭ 228 (-77.93%)
Mutual labels:  cors, rce
Cross Origin
🌀 跨域demo。CORS、JSONP、postMessage、websocket、document.domain、window.name、iframe等示例
Stars: ✭ 475 (-54.02%)
Mutual labels:  jsonp, cors
Javacodeaudit
Getting started with java code auditing 代码审计入门的小项目
Stars: ✭ 289 (-72.02%)
Mutual labels:  rce, code
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (-14.13%)
Mutual labels:  rce, sqli
Exploit Cve 2016 9920
Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container
Stars: ✭ 34 (-96.71%)
Mutual labels:  rce
Tarsbenchmark
benchmark tool for tars/http service
Stars: ✭ 41 (-96.03%)
Mutual labels:  benchmark
Serverless Faas Workbench
FunctionBench
Stars: ✭ 32 (-96.9%)
Mutual labels:  benchmark
Jupyterlab black
A JupyterLab extension to apply Black formatter to code within codecell.
Stars: ✭ 35 (-96.61%)
Mutual labels:  code
Torch Scan
Useful information about PyTorch modules (FLOPs, MACs, receptive field, etc.)
Stars: ✭ 41 (-96.03%)
Mutual labels:  benchmark
Segmentation Networks Benchmark
Evaluation framework for testing segmentation networks in Keras
Stars: ✭ 34 (-96.71%)
Mutual labels:  benchmark
Tensorflow In Practice
Code based in TensorFlow
Stars: ✭ 43 (-95.84%)
Mutual labels:  code
Renew
Mix task to create mix projects that builds into Docker containers.
Stars: ✭ 33 (-96.81%)
Mutual labels:  code
Learningprocess
💥 本仓库用于记录我的学习历程和学习笔记
Stars: ✭ 31 (-97%)
Mutual labels:  code
Pibench
Benchmarking framework for index structures on persistent memory
Stars: ✭ 46 (-95.55%)
Mutual labels:  benchmark
Tbcf
Tracking Benchmark for Correlation Filters
Stars: ✭ 1,011 (-2.13%)
Mutual labels:  benchmark
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (-5.71%)
Mutual labels:  sqli
View All Similar Projects ➔

Java Sec Code

Java sec code is a very powerful and friendly project for learning Java vulnerability code.

中文文档

Introduce

This project can also be called Java vulnerability code.

Each vulnerability type code has a security vulnerability by default unless there is no vulnerability. The relevant fix code is in the comments or code. Specifically, you can view each vulnerability code and comments.

Online demo

Login username & password:

admin/admin123
joychou/joychou123

Vulnerability Code

Sort by letter.

Vulnerability Description

How to run

The application will use mybatis auto-injection. Please run mysql server ahead of time and configure the mysql server database's name and username/password except docker environment.

spring.datasource.url=jdbc:mysql://127.0.0.1:3306/java_sec_code
spring.datasource.username=root
spring.datasource.password=woshishujukumima
  • Docker
  • IDEA
  • Tomcat
  • JAR

Docker

Start docker:

docker-compose pull
docker-compose up

Stop docker:

docker-compose down

Docker's environment:

  • Java 1.8.0_102
  • Mysql 8.0.17
  • Tomcat 8.5.11

IDEA

  • git clone https://github.com/JoyChou93/java-sec-code
  • Open in IDEA and click run button.

Example:

http://localhost:8080/rce/exec?cmd=whoami

return:

Viarus

Tomcat

  • git clone https://github.com/JoyChou93/java-sec-code & cd java-sec-code
  • Build war package by mvn clean package.
  • Copy war package to tomcat webapps directory.
  • Start tomcat application.

Example:

http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami

return:

Viarus

JAR

Change war to jar in pom.xml.

<groupId>sec</groupId>
<artifactId>java-sec-code</artifactId>
<version>1.0.0</version>
<packaging>war</packaging>

Build package and run.

git clone https://github.com/JoyChou93/java-sec-code
cd java-sec-code
mvn clean package -DskipTests 
java -jar target/java-sec-code-1.0.0.jar

Authenticate

Login

http://localhost:8080/login

If you are not logged in, accessing any page will redirect you to the login page. The username & password are as follows.

admin/admin123
joychou/joychou123

Logout

http://localhost:8080/logout

RememberMe

Tomcat's default JSESSION session is valid for 30 minutes, so a 30-minute non-operational session will expire. In order to solve this problem, the rememberMe function is introduced, and the default expiration time is 2 weeks.

Contributors

Core developers : JoyChou, liergou9981 Other developers: lightless, Anemone95, waderwu.

Donate

If you like the poject, you can donate to support me. With your support, I will be able to make Java sec code better 😎.

Alipay

Scan the QRcode to support Java sec code.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].