自定义 ClassLoader 隔离运行不同版本jar包的方式 类加载机制在 Java 中,所有的类默认通过 ClassLoader 加载,而 Java 默认提供了三层的 ClassLoader,并通过双亲委托模型的原则进行加载,其基本模型与加载位置如下(更多ClassLoader相关原理请自行搜索) 2021-09-10 Java 修改ysoserial使其支持任意代码执行 减小payload的体积根据文章缩小ysoserial payload体积的几个方法最大程度上减小生成payload的体积,对比结果直接减小一半多。 支持自定义方法,类参考ysoserial 工具改造(一)和使ysoserial支持执 2021-08-30 Java CodeQL Create OpenJdk/Jdk8 Database sudo apt install mercurialhg clone http://hg.openjdk.java.net/jdk8/jdk8 jdk8ucd jdk8uchmod 777 ./*wget https://downloa 2021-08-18 codeql Fastjson回显 Fastjson回显LDAP 先启动一个LDAP服务 java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer http://127. 0.0.1:6 2021-07-18 Fsatjson 2020年研究回顾总结 前言 这篇文章是一遍概述,浓缩性的文章,大致内容是将我研究的内容,回归总结。将分析文章总一个压缩在压缩性质的总结。尽可能保证用最简单话写最多的内容,都是自己的理解,如有错误还请谅解。所有的具体分析文章都在博客中,博客地址:https:/ 2021-04-04 代码审计 反序列化 Java shiro CodeQL library for Java CodeQL library for Java¶When you’re analyzing a Java program, you can make use of the large collection of classes in the 2021-04-03 codeql Variables Variables¶变量Variables in QL are used in a similar way to variables in algebra or logic. They represent sets of values, a 2021-03-28 codeql CodeQL workshop for Java Unsafe deserialization in Apache Struts CodeQL workshop for Java: Unsafe deserialization in Apache Struts Analyzed language: Java Difficulty level: 200 Overvie 2021-03-28 SummerSec Working with source locations Working with source locations¶You can use the location of entities within Java code to look for potential errors. Locati 2021-03-27 codeql Abstract syntax tree classes for working with Java programs Abstract syntax tree classes for working with Java programs¶用于Java程序的抽象语法树类。CodeQL has a large selection of classes for 2021-03-26 codeql