Closed BBQM1911 closed 7 months ago
ysomap-master/core/src/main/java/ysomap/exploits/shiro/ShiroRCE1.java中150行附近 byte[] keyBytes = Strings.base64(key.getBytes());
应该是将key字符串byte后进行base64解码,而单调用的ysomap-master/common/src/main/java/ysomap/common/util/Strings.java中59行附近是base64编码。 public static byte[] base64(byte[] data){ Base64 base64 = new Base64(); return base64.encode(data); } 导致该ShiroRCE1 exploit失效。
感谢指出错误,已修改
wh1t3p1g
commented
10 months ago wh1t3p1g
commented
10 months ago
ysomap-master/core/src/main/java/ysomap/exploits/shiro/ShiroRCE1.java中150行附近 byte[] keyBytes = Strings.base64(key.getBytes());
应该是将key字符串byte后进行base64解码,而单调用的ysomap-master/common/src/main/java/ysomap/common/util/Strings.java中59行附近是base64编码。 public static byte[] base64(byte[] data){ Base64 base64 = new Base64(); return base64.encode(data); } 导致该ShiroRCE1 exploit失效。