8000 GitHub - ddawxaf/jdbc-tricks: 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
/ jdbc-tricks Public
forked from yulate/jdbc-tricks

《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目

License

Apache-2.0 license
0 stars 27 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ddawxaf/jdbc-tricks

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
dump-mysql-properties
dump-mysql-properties
 
 
jdbc-test-case
jdbc-test-case
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

jdbc-tricks

《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目

0x01 项目结构

jdbc-tricks/
├── LICENSE
├── README.md
├── dump-mysql-properties mysql驱动默认安全属性分析
├── jdbc-test-case jdbc测试集

0x02 Trick 列表

会议前暂时只公布一部分已知trick

MYSQL Tricks

  • default properties :默认属性绕过
  • multi host :多host写法绕过
  • space between :键值插入空格绕过
  • tab between :键值插入 \t 等制表符绕过
  • upper case :键值大写绕过

todo

PG

0x03 真实世界漏洞案例

会议前暂不公开

About

《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 64.7%
  • Java 35.3%
0