Share
## https://sploitus.com/exploit?id=06D0C38D-C4BF-53FB-A3AF-F6F83A71A24A
This is a PoC exploit for CVE-2021-3393, a Java source code static code analysis and danger function identifier program. The tool, named JavaID, identifies dangerous functions in Java source code by way of regular matching. It targets Java vulnerabilities such as XXE, Java Object Deserialization, and SSRF. The tool can identify functions like "SAXReader", "DocumentBuilder", "XMLStreamReader", "SAXBuilder", "SAXParser", "XMLReader", "SAXSource", "TransformerFactory", "SAXTransformerFactory", "SchemaFactory", "Unmarshaller", "XPathExpression" for XXE, and "readObject", "readUnshared", "Yaml.load", "fromXML", "ObjectMapper.readValue", "JSON.parseObject" for Java Object Deserialization. It can also identify functions like "HttpClient", "URL", "HttpURLConnection" for SSRF. The tool is typically invoked by running the "javaid.py" script, which takes no arguments. Preconditions for the tool to work include a Java source code file to analyze, and the tool assumes that the file is in a format that can be parsed by the Java compiler. The expected impact of the tool is to identify potential security vulnerabilities in the analyzed Java source code.