X1r0z / JNDIMap

A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of bypass methods for higher-version JDKs

A Derby technique needs to be added under the TomcatJDBC route #2

Closed B0T1eR closed 4 months ago

B0T1eR commented 4 months ago

TomcatJDBC: the initSQL property in DataSourceFactory can only execute a single SQL statement, so the Derby SQL RCE payload also has to be written the same way as for HikariCP.