https://xvshifu.github.io/xvsf/tags/ssti/Recent content in SSTI on xvsfhttps://xvshifu.github.io/xvsf/img/1.pnghttps://xvshifu.github.io/xvsf/img/1.pngHugo -- 0.160.1zh-cnWed, 07 Jan 2026 10:00:00 +0800https://xvshifu.github.io/xvsf/posts/%E8%8B%A5%E4%BE%9D4.8.1%E6%BC%8F%E6%B4%9E-ssti%E7%BB%95%E8%BF%87%E8%8E%B7%E5%8F%96shirokey%E8%87%B3rce/Wed, 07 Jan 2026 10:00:00 +0800https://xvshifu.github.io/xvsf/posts/%E8%8B%A5%E4%BE%9D4.8.1%E6%BC%8F%E6%B4%9E-ssti%E7%BB%95%E8%BF%87%E8%8E%B7%E5%8F%96shirokey%E8%87%B3rce/<h1 id="参考文章">参考文章：</h1> <p>若依最新版本4.8.1漏洞 SSTI绕过获取ShiroKey至RCE(全JAVA版本绕过，附带POC)</p> <p><a href="https://mp.weixin.qq.com/s/4yi0UOTgBCsGK6J8qSz8tQ">https://mp.weixin.qq.com/s/4yi0UOTgBCsGK6J8qSz8tQ</a></p> <p>某依最新版本稳定4.8.1 RCE (Thymeleaf模板注入绕过)</p>