kw0ngr/javaEeAccessControlCheck

javaEeAccessControlCheck

Checks whether broken access control exists in a Java web application: access-control bypass, authorization bypass, privilege escalation, unauthorized access, and similar issues.

Updates

  • Removed the requests library and the methods that depended on it
  • Removed the AllLength method
  • Optimized the code

Usage

python3 javaEeAccessControlCheck.py "http://127.0.0.1/admin/index?id=1"
python3 javaEeAccessControlCheck.py "http://127.0.0.1/admin/index" -data id=1
python3 javaEeAccessControlCheck.py "http://127.0.0.1/admin/index" -data-json '{"id":1}'

[GET] Automatic judgment (screenshot)

[GET] Response length for all payloads (screenshot)

[POST] Automatic judgment (screenshot)

[POST] Response length for all payloads (screenshot)

[POST-JSON] Response length for all payloads (screenshot)

Testing an open-source system (screenshot)

The response lengths returned for the different payloads show which payloads work. (screenshot)
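
The length comparison described above, as an added example that is not part of javaEeAccessControlCheck: it takes the status and body length recorded for each request against one protected URL of your own application, treats the unmodified request as the denial baseline, and groups every variant that got a different response. The sample data, the variant labels, and the `triage` function with its `tolerance` parameter are assumptions made for the illustration.

```python
# Added example (not from javaEeAccessControlCheck): triage of response lengths.
# SAMPLE is constructed; labels stand in for the URL variants a scan sends.
SAMPLE = [
    # (label, HTTP status, response body length in bytes)
    ("original",   302, 0),
    ("variant-01", 302, 0),
    ("variant-02", 200, 5321),
    ("variant-03", 404, 1180),
    ("variant-04", 302, 0),
    ("variant-05", 200, 5324),   # same page, a few bytes of dynamic content
    ("variant-06", 403, 12),
]


def triage(results, baseline_label="original", tolerance=16):
    """Return (baseline, findings): variants whose response differs from the
    unauthenticated baseline, grouped so that near-identical lengths collapse."""
    lookup = {label: (status, length) for label, status, length in results}
    if baseline_label not in lookup:
        raise ValueError("no baseline request in results")
    base_status, base_len = lookup[baseline_label]

    groups = {}  # (status, representative length) -> [labels]
    for label, status, length in results:
        if label == baseline_label:
            continue
        if status == base_status and abs(length - base_len) <= tolerance:
            continue  # same denial response as the baseline
        for g_status, g_len in groups:
            if g_status == status and abs(g_len - length) <= tolerance:
                groups[(g_status, g_len)].append(label)
                break
        else:
            groups[(status, length)] = [label]

    findings = []
    for (status, length), labels in groups.items():
        # A 2xx body that the baseline did not get is what needs manual review;
        # other deviations (404, 403, 5xx) are recorded as informational.
        level = "review" if 200 <= status < 300 else "info"
        findings.append({"level": level, "status": status,
                         "length": length, "variants": labels})
    findings.sort(key=lambda f: (f["level"] != "review", f["status"]))
    return (base_status, base_len), findings


if __name__ == "__main__":
    for finding in triage(SAMPLE)[1]:
        print(finding)
```

A "review" finding only means the response differs from the denial; the authorization check on the server still has to be inspected to confirm whether that variant reaches the protected handler.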

Testing an open-source system (screenshots)
