Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-21234 PoC — Lukashinsch Spring Boot Actuator Logview 路径遍历漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Spring%20Boot%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%20CVE-2021-21234.md
Associated Vulnerability
Title:Lukashinsch Spring Boot Actuator Logview 路径遍历漏洞 (CVE-2021-21234)
Description:Lukashinsch Spring Boot Actuator Logview是Ffay(Lukashinsch)个人开发者的一个为Spring Boot提供通过Web界面查看日志功能的代码库。 spring-boot-actuator-logview 0.2.13之前版本存在路径遍历漏洞,该漏洞源于filename参数未被检查。
File Snapshot

 # Spring Boot 目录遍历 CVE-2021-21234

## 漏洞描述

spring-boot-actuator-logview 是一个简单的日志文件查看器,在 0.2.13 版本之前

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.