BlogPapers
<a href="sumsec.me"><img src="https://readme-typing-svg.demolab.com?font=Fira+Code&size=24&pause=1000&color=FDFDFD&background=13797800¢er=true&vCenter=true&width=435&lines=%F0%9F%91%8B%EF%BC%8C%E5%83%8F%E6%B8%85%E6%B0%B4%E4%B8%80%E8%88%AC%E6%B8%85%E6%BE%88%E9%80%8F%E6%98%8E" alt="SummerSec" /></a>
Install / Use
/learn @SummerSec/BlogPapersREADME
<img src="./resources/Hi.gif" width="30px"><a href="https://sumsec.me/"><img src="https://readme-typing-svg.demolab.com?font=Fira+Code&duration=6000&pause=1500&color=2D94F7&height=45&lines=%20%20+%E4%BD%A0%E5%A5%BD%E5%91%80%EF%BC%81;%E5%83%8F%E6%B8%85%E6%B0%B4%E4%B8%80%E8%88%AC%E6%B8%85%E6%BE%88%E9%80%8F%E6%98%8E" alt="Typing SVG" /></a>
🏯 HOME 📁 Archives 📣 About ME 📒Old Blog 📌 Advertisements 🌐 SiteMap 🗂 Resources 🔭 RSS.xml
时间轴 📈
2026 📅
| Time | Name | Tags | | ----- | ------------------------------------------------------------ | -------------- | | 03/06 | 别让大模型_想太多_:SKILL开发中的语义陷阱与抗幻觉设计 | AI/SKILL/语义陷阱 |
2022 📅
| Time | Name | Tags | | ----- | ------------------------------------------------------------ | -------------- | | 12/09 | VMWare-Workspace-ONE-Access-Auth-Bypass | 漏洞分析/Java/RCE | | 09/28 | Spring-Framework-RCE-CVE-2022-22965漏洞分析 | 漏洞分析/Java/RCE | | 08/08 | 相似度算法调研 | 算法/go | | 07/19 | [CVE-2022-33891 Apache Spark shell command injection](./2022/CVE-2022-33891 Apache Spark shell command injection.md) | 命令执行/Spark | | 07/05 | 正则匹配配置不当 | 正则匹配Java/正则匹配 | | 06/22 | [CVE-2022-22980 Mongodb SpEL](./2022/CVE-2022-22980 Mongodb SpEL.md) | Java/SpEL/CodeQL | | 03/29 | CodeQL Usage Tricks | CodeQL/Tricks/Java | | 03/18 | [Spring Boot RCE到内存马探索](./2022/Spring Boot RCE到内存马探索.md) | Spring/RCE/MemShell | | 03/14 | Shiro后渗透拓展面 | Shiro/Agent/Web/Java | | 03/02 | shiro反序列化漏洞攻击拓展面--修改key | shiro/key/Java/Web | | 03/10 | [GitHub Java CodeQL CTF](./2022/GitHub Java CodeQL CTF.md) | CodeQL/Java/CTF | | 02/27 | Hack-Tools2Web | Hack/Tools/Web | | 02/21 | CodeQL与Shiro550碰撞 | CodeQL/Java/Shiro | | 02/21 | CodeQL初见Shiro550 | CodeQL/Java/Shiro | | 02/20 | CodeQL与AST之间联系 | CodeQL/AST/Java | | 02/15 | Java加载动态链接库方式 | Java/DLL/Load | | 01/20 | Log4j2漏洞分析 | Log4j2/Java/Vul | | 01/08 | PL-4-Interprocedural Analysis | PL | | 01/07 | PL-3-Data Analysis Foundation | PL | | 01/06 | PL-2-Data-Flow-Analysis | PL | | 01/04 | PL-1-Intermediate-Representation | PL |
2021 📅
| Time | Name | Tags | | ----- | ------------------------------------------------------------ | -------------- | | 04/15 | PII泄露--用CodeQL识别日志中的PII数据 | CodeQL/Java | | 04/24 | CodeQL workshop for Java Unsafe deserialization in Apache Struts | CodeQL/Java | | 06/05 | weblogic之CVE-2020-2551iiop反序列化漏洞分析 | Java | | 06/05 | weblogic之CVE-2020-2551iiop反序列化漏洞复现 | Java | | 07/15 | Fastjson回显 | Java/Fastjson | | 07/21 | Tomcat通用回显学习笔记 | Java | | 08/03 | 从Java反序列化漏洞题看CodeQL数据流 | CodeQL/Java | | 11/01 | Shiro-550反序列化漏洞分析 | shiro550/Java | | 11/09 | 记一次Log4j失败的Gadget挖掘记录 | CodeQL/Java | | 11/15 | ysoserial改造记录 | ysoserial/Java | | 11/30 | JNDI注入 | JNDI/Java | | 12/08 | shiro-JRMP-gadget | shiro/exp | | 12/21 | Fastjson_Mysql_gadget复现 | fastjson/exp | | 12/31 | 2021年度总结 | 总结 |
Related Skills
node-connect
341.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
84.4kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
341.0kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
commit-push-pr
84.4kCommit, push, and open a PR
