w0s1np

记录学习和思考快就是慢、慢就是快静下心来学习

JEP290

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

JEP290绕过

前言上文已经分析过 rmi 反序列化的几种攻击方法，这篇文章就学习了一下 JEP290 机制的检测和绕过思路，整个流程是比较清楚的了，就是让 registry 当作 client 端向恶意 jrmp 服务端发起 rmi 请求，此时环境的 filter 为空 JEP290 是什么…

Ownership of this blog data is guaranteed by blockchain and smart contracts to the creator alone.

Blockchain ID
#75582
Owner
0xbacc48c092dd53c38410ff2d6ab3f09c44442e1f
Transaction Hash
Creation 0x21d5e06a...ca554121fb Last Update 0x67d49051...fe819cb7a8
IPFS Address
ipfs://QmNuBMJnPDmBVBGZ1mtc2WinbN9Du36gYtY2N6abnzvfER