java-exploit-chain
Fail
Audited by Snyk on May 4, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This document contains explicit, actionable exploit instructions (ysoserial/marshalsec usage, JNDI remote classloading, Redis crontab writes, webshell creation, JWT forging, Shiro default-key exploitation, payload base64/serving) that enable data exfiltration, credential theft, remote code execution and persistent backdoors, so it has high malicious abuse potential despite being framed as a defensive audit guide.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly requires cross-checking dependencies against public NVD/GitHub Advisory data ("NVD/GitHub Advisory cross-check: use the NVD API or GitHub Advisory Database"), so it fetches and interprets untrusted third‑party advisory content as part of its workflow, which can materially influence exploitability decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to host and reference a remote HTTP/JNDI payload (e.g., "http://攻击机:8888/#Exploit" and corresponding "ldap://攻击机:1389/Exploit" / "rmi://攻击机:1099/Exploit"), which the target will fetch and instantiate as remote Java classes, thereby executing remote code and directly controlling the exploit flow.
Issues (3)
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).