Java Security: Deserialization
Deserialization
CC Chains
CommonsCollections (CC) deserialization attack chains
- CC1 attack chain: AnnotationInvocationHandler + LazyMap/TransformedMap + Transformer
- CC2 attack chain: PriorityQueue + TransformingComparator + Transformer + TemplatesImpl
- CC3 attack chain: AnnotationInvocationHandler + Proxy + LazyMap + Transformer + TrAXFilter + TemplatesImpl
- CC4 attack chain: PriorityQueue + TransformingComparator + TrAXFilter + TemplatesImpl
- CC5 attack chain: BadAttributeValueExpException + TiedMapEntry + LazyMap + Transformer
- CC6 attack chain: HashSet + HashMap + TiedMapEntry + LazyMap + Transformer
- CC7 attack chain: Hashtable + TiedMapEntry + LazyMap + Transformer
CC1-CC7 mind map
CB Chain
CommonsBeanUtils (CB) deserialization attack chain