Commit 900ddaa

update CHANGELOG 1.4.0
1 parent 8a2303d commit 900ddaa

2 files changed

+53
-0
lines changed

CHANGELOG.md

Lines changed: 28 additions & 0 deletions
@@ -1,13 +1,41 @@
1+
## 1.4.0
2+
3+
**Added**
4+
5+
- Integrated some FastjsonPayloads
6+
- Added the following Expression Injection Payloads:
7+
- FreeMarker
8+
- JXPath @unam4
9+
- Thymeleaf @unam4
10+
- Aviator @ReaJason
11+
- JINJava @ReaJason
12+
- Velocity @ReaJason
13+
- When using Exploit modules, directly generating a Payload will automatically check if the port is open. If the service
14+
port is not open, it will automatically start the corresponding service. The involved Exploit modules include: JNDI,
15+
FakeMySQL, JRMPListener, HTTPServer, TCPServer.
16+
17+
**Changed**
18+
19+
- java-chains migrated to the vulhub project.
20+
- Project renamed from web-chains to java-chains.
21+
- [class-obf](https://github.com/jar-analyzer/class-obf) obfuscation project updated from v1.4.0 to v1.5.0.
22+
- Removed WriteFile bytecode.
23+
- Removed the "delete" option from DownloadExec and WriteFileExec bytecode gadgets.
24+
- Gadget IP parameter now defaults to 127.0.0.1.
25+
126
## 1.3.1
227

328
**Added**
29+
430
- SpringAopAspectjweaver Chain
531

632
**Bugfix**
33+
734
- Fixed issue where Payload parameters were ineffective in version 1.3.0
835
- Fixed parameter setting errors for some Gadgets
936

1037
**Optimization**
38+
1139
- Improved generation speed for large packets of overlong UTF8 dirty data
1240
- Added support for obfuscation in secondary deserialization
1341
- Improved descriptions for some chains
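
Review bot: The Exploit-module entry in the 1.4.0 **Added** list (new lines 13-15) says generating a Payload will "automatically start the corresponding service" for JNDI, FakeMySQL, JRMPListener, HTTPServer and TCPServer when the port is not open, but it does not say which address or port each listener binds to or whether the auto-start can be turned off. Because this changes what the tool opens on the operator's host, the entry should state that. Likewise, "Gadget IP parameter now defaults to 127.0.0.1" would be clearer with the previous default given, and "Integrated some FastjsonPayloads" could name the payloads the way the Expression Injection entry does.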

CHANGELOG.zh-cn.md

Lines changed: 25 additions & 0 deletions
@@ -1,13 +1,38 @@
1+
## 1.4.0
2+
3+
**Added**
4+
5+
- 集成部分 FastjsonPayload
6+
- 添加以下表达式注入 Payload
7+
- FreeMarker
8+
- JXPath @unam4
9+
- Thymeleaf @unam4
10+
- Aviator @ReaJason
11+
- JINJava @ReaJason
12+
- Velocity @ReaJason
13+
- 使用 Exploit 模块时,直接生成 Payload 会自动判断端口是否开启,若服务端口未开启则自动开启对应服务。涉及 Exploit
14+
模块:JNDI、FakeMySQL、JRMPListener、HTTPServer、TCPServer
15+
16+
**Changed**
17+
18+
- java-chains 迁移至 vulhub 项目下
19+
- 项目从 web-chains 更名 java-chains
20+
- [class-obf](https://github.com/jar-analyzer/class-obf) 混淆项目 从 v1.4.0 更新至 v1.5.0
21+
- 删除 WriteFile 字节码
22+
123
## 1.3.1
224

325
**新增**
26+
427
- SpringAopAspectjweaver 链
528

629
**Bug修复**
30+
731
- 修复在 1.3.0 版本中 Payload 参数不生效问题
832
- 修复一些 Gadget 参数设置报错问题
933

1034
**优化**
35+
1136
- 提高脏数据 overlong utf8 大包生成速度
1237
- 在二次反序列化中支持混淆
1338
- 部分链的描述
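
Review bot: The 1.4.0 **Changed** list in this file has four entries, while the CHANGELOG.md hunk has six: the entries for removing the "delete" option from the DownloadExec and WriteFileExec bytecode gadgets and for the Gadget IP parameter defaulting to 127.0.0.1 have no counterpart here. Suggest adding both so the two changelogs agree. The new section also uses English headings (**Added**, **Changed**) where the existing 1.3.1 section below uses **新增**; using the same heading language throughout would keep the file consistent.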
