qi4L / JYso

It can be either a JNDIExploit or a ysoserial.
GNU General Public License v3.0
1.48k stars 174 forks

Here to report a bug again #30

Closed Gary-yang1 closed 6 months ago

Gary-yang1 commented 6 months ago

com.qi4l.jndi.gadgets.Config.Config.java

```java
public static String HEADER_KEY = "https://QI4L.cn/";
public static String HEADER_VALUE = "https://QI4L.cn/";
```

hk and hv are both your domain. When injecting a memory shell, constructing https://QI4L.cn/: https://QI4L.cn/ does not get through.

Change it to

```java
// Referer check
public static String HEADER_KEY = "Referer";
```

If possible, could you add me as a friend? If there are other bugs, I'll just chat with you directly.

qi4L commented 6 months ago

You can add me on WeChat.

qi4L commented 6 months ago

Thanks for the feedback!

ViCrack commented 6 months ago

By the way, this header value might get added to some WAFs' full keyword blocklist.

qi4L commented 6 months ago

It can be customized, right?

ViCrack commented 6 months ago

> It can be customized, right?

OK, I thought you meant the kind that can't be customized.