aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Aaron
2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
java/rmi-codebase/README.zh-cn.md Normal file
View File

@@ -0,0 +1,25 @@
# Java RMI Codebase 远程代码执行漏洞
Java Remote Method InvocationRMI是Java中用于远程过程调用的机制。在满足特定条件的情况下RMI客户端可以通过指定`java.rmi.server.codebase`参数使服务端加载远程对象从而执行任意Java字节码。
参考链接:
- <https://docs.oracle.com/javase/7/docs/technotes/guides/rmi/codebase.html>
- <https://paper.seebug.org/1091/>
## 环境搭建
执行如下命令编译及启动RMI Registry和服务器
```
docker compose build
docker compose run -e RMIIP=your-ip -p 1099:1099 -p 64000:64000 rmi
```
`your-ip`替换为你的服务器IP地址客户端将使用此IP连接服务器。
环境启动后RMI Registry将监听在1099端口。
## 漏洞复现
待完善。