Java

Environment Pom.xml <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-collections4</artifactId> <version>4.0</version> </dependency> <dependency> <groupId>org.javassist</groupId> <artifactId>javassist</artifactId> <version>3.22.0-GA</version> </dependency> TemplatesImpI 这个类用于加载恶意类，当声明一个实例的时候会触发getTransletInstance方法 查看getTransletInstance中**_name**变量为空则直接返回 ...

About 本文是关于Apache commons collections反序列漏洞利用链的过程复现 Environment JDK version jdk-8u65-windows-x64 Common collections version 3.2.1 Java Archive Downloads - Java SE 8 oracle.com passwords - BugMeNot. (如果下载JDK需要登录，这里是免费的账户) ...