README

sinks:
  # 命令注入
  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
  - { method: "<java.lang.ProcessBuilder: java.lang.Process start()>", index: base }
  - { method: "<java.lang.ProcessImpl: java.lang.Process start()>", index: base }
  - { method: "<java.lang.UNIXProcess: java.lang.Process start()>", index: base }

method为函数签名，index表示关键参数的位置，0表示如果第一个参数用户可控则存在风险，base表示如果基变量用户可控则存在风险。

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
rce		rce
sqldet		sqldet
ssrf		ssrf
writefile		writefile
xxe		xxe
README.md		README.md
defineClass.yaml		defineClass.yaml
jnd-deser.yaml		jnd-deser.yaml
readfile.yaml		readfile.yaml
remote-class-load.yaml		remote-class-load.yaml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

README

About

Uh oh!

Releases

Packages

Hdys0vn/sinks

Folders and files

Latest commit

History

Repository files navigation

README

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Packages