Rome1.0 之前见过,当时参考这个ROME反序列化分析 (c014.cn) yso里的rome1.0利用链如下 TemplatesImpl.getOutputProperties() NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) NativeMethodAccessorIm…
cc2 就是一条cc的链子最后一步的时候不要用runtime.exec,而是改用getTemplatesImpl poc package org.apache.commons.collections; import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; import …
https://editor.csdn.net/md/?articleId=124115237
https://blog.csdn.net/weixin_51458899/article/details/124100618?spm=1001.2014.3001.5501
https://blog.csdn.net/weixin_51458899/article/details/124100545?spm=1001.2014.3001.5501
(44条消息) 浅谈 yso的 Commons-Collections1 (cc1)反序列化链 如何手写这条链子_ththaiai的博客-CSDN博客
https://blog.csdn.net/weixin_51458899/article/details/124075088?spm=1001.2014.3001.55
又更新辣!链接还是以前那个(请在本站点里翻翻)
(81条消息) java安全入门【持续更新】_ththaiai的博客-CSDN博客