java-exploit-examples

Examples of various advanced java web attacks

Attacks:

This project uses spring boot with a unique API endpoint for each attack. The vulnerable endpoints can be found at src/main/java/com/jdow/javaexploitexamples.

JDBC Connection String Deserialization

• https://github.com/0xJDow/rogue-mysql-server
• https://landgrey.me/blog/11/

Thymeleaf SSTI

• https://www.acunetix.com/blog/web-security-zone/exploiting-ssti-in-thymeleaf/
• https://www.fatalerrors.org/a/sprboot-thymeleaf-template-injection-for-java-security-development.html

JNDI Injection

• https://github.com/0xJDow/rogue-rmi-server
• https://www.veracode.com/blog/research/exploiting-jndi-injections-java