这篇文章主要是看到某些文章后有感而发
- zip格式特征:PK*
- zip+base64:UE*
- gzip+base64:H4s*
- “AC ED 00 05” in Hex
- “rO0” in Base64
- Content-type = ‘application/x-java-serialized-object
https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a