exp1orer/JNDI-Inject-Exploit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
SearchNull
2021-12-29 11:05:54 +08:00
parent 7ef120bef8
commit 620228f129
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
README.md
View File

@@ -6,6 +6,21 @@
>
> Solve the high version of JDK Bypass, like FastJson, Jackson, Log4j2, native JNDI injection vulnerabilities, and detect locally available deserialization gadgets to achieve command execution, echo command execution, and memory shell injection
## ChangeLog
**v0.2 Version**
- 修复已知bug
- 支持从文件中读取HTTP请求
***
**v0.1 Version**
- Gadget探测
- 回显命令执行
- 内存马注入
## Usage
```shell
@@ -82,6 +97,14 @@ EnableHttpLog=False
## Example
**文件内容**
![](https://searchnull-image.oss-cn-shenzhen.aliyuncs.com/20211229105716.png)
**从文件中读取HTTP请求进行漏洞利用**
![](https://searchnull-image.oss-cn-shenzhen.aliyuncs.com/20211229104932.png)
**LDAP查询的对象名称可为任意字符示例为EvilObjectLDAPServer拦截客户端搜索结果获取查询名称并根据该名称返回结果因此查询任何名称均可运行。**
```