Overview
The heapdump_shiro_vuln repository provides a vulnerable environment that demonstrates how an exposed heapdump can leak the Shiro key, leading to remote code execution (RCE).
Key Features
- Vulnerability Demonstration: The environment showcases a Shiro deserialization vulnerability that can be exploited if the Shiro key is obtained.
- Docker Support: The project can be easily run using Docker, allowing for quick setup and testing in isolated environments.
- Heapdump Access: Users can access the /actuator/heapdump endpoint to obtain the heapdump file and extract the Shiro key.
- Version Compatibility: Demonstrates vulnerabilities specific to Shiro version 1.8.0.
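A defender-side check for the heapdump exposure described above, as an added example that is not part of the repository: it reads Spring Boot application.properties text and reports whether /actuator/heapdump would be served over HTTP. The property names are Spring Boot Actuator's (2.x semantics assumed), the sample configurations are constructed, and any authentication placed in front of the actuator is not modelled.

```python
# Added example: audit Spring Boot properties for an exposed heapdump endpoint.
# Assumes Spring Boot 2.x Actuator property semantics; sample configs are constructed.

def parse_properties(text):
    """Parse key=value lines of a .properties file (comments and blanks skipped)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def _ids(value):
    """Split a comma-separated endpoint list into a lowercase set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def heapdump_exposed(text):
    """True when these properties alone would serve /actuator/heapdump over HTTP."""
    p = parse_properties(text)
    # Without an explicit include list only 'health' is exposed over the web.
    include = _ids(p.get("management.endpoints.web.exposure.include", "health"))
    exclude = _ids(p.get("management.endpoints.web.exposure.exclude", ""))
    # The per-endpoint flag falls back to the global enabled-by-default switch.
    default_on = p.get("management.endpoints.enabled-by-default", "true")
    enabled = p.get("management.endpoint.heapdump.enabled", default_on).lower() == "true"
    included = "*" in include or "heapdump" in include
    excluded = "*" in exclude or "heapdump" in exclude  # exclude wins over include
    return enabled and included and not excluded

# Constructed sample configurations: one weak, three hardened or default.
PFX = "management.endpoints.web.exposure."
SAMPLES = {
    "wildcard": PFX + "include=*\n",
    "wildcard_minus_heapdump": PFX + "include=*\n" + PFX + "exclude=heapdump,env\n",
    "listed_but_disabled": PFX + "include=health,heapdump\n"
                           "management.endpoint.heapdump.enabled=false\n",
    "defaults_only": "server.port=8080\n",
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(f"{name}: heapdump exposed = {heapdump_exposed(cfg)}")
```
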
Benefits
- Educational Tool: Ideal for security researchers and developers to understand the risks associated with Shiro key leaks.
- Hands-On Experience: Allows users to practice exploitation techniques in a controlled setting, enhancing security skillsets.
Highlights
- The repository is actively maintained and updated for usability and improved functionality.