CVE-2014-3625 PoC — Pivotal Software Spring Framework 目录遍历漏洞

Source

https://github.com/gforresu/SpringPathTraversal

Associated Vulnerability

Title:Pivotal Software Spring Framework 目录遍历漏洞 (CVE-2014-3625)
Description:Pivotal Spring Framework是美国Pivotal Software公司的一套开源的Java、Java EE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Pivotal Software Spring Framework中存在目录遍历漏洞。远程攻击者可利用该漏洞读取任意文件。以下版本受到影响：Pivotal Software Spring Framework 3.0.4版本至3.2.12之前3.2.x版本，4.0.8之前4.0.x版本，4.1.2之前4.1.x版本。

Description

String MVC Framework Path-Traversal proof of concept. CVE-2014-3625

File Snapshot


 [4.0K]  /data/pocs/48fd664e3544d946406ca26c04f9a3fc7fdcc4a6
├── [4.0K]  lib
│   ├── [4.4K]  aopalliance-1.0.jar
│   ├── [ 60K]  commons-logging-1.2.jar
│   ├── [351K]  spring-aop-4.1.0.RELEASE.jar
│   ├── [ 55K]  spring-aspects-4.1.0.RELEASE.jar
│   ├── [685K]  spring-beans-4.1.0.RELEASE.jar
│   ├── [999K]  spring-context-4.1.0.RELEASE.jar
│   ├── [173K]  spring-context-support-4.1.0.RELEASE.jar
│   ├── [981K]  spring-core-4.1.0.RELEASE.jar
│   ├── [244K]  spring-expression-4.1.0.RELEASE.jar
│   ├── [7.1K]  spring-instrument-4.1.0.RELEASE.jar
│   ├── [ 10K]  spring-instrument-tomcat-4.1.0.RELEASE.jar
│   ├── [418K]  spring-jdbc-4.1.0.RELEASE.jar
│   ├── [260K]  spring-jms-4.1.0.RELEASE.jar
│   ├── [278K]  spring-messaging-4.1.0.RELEASE.jar
│   ├── [364K]  spring-orm-4.1.0.RELEASE.jar
│   ├── [ 80K]  spring-oxm-4.1.0.RELEASE.jar
│   ├── [490K]  spring-test-4.1.0.RELEASE.jar
│   ├── [245K]  spring-tx-4.1.0.RELEASE.jar
│   ├── [681K]  spring-web-4.1.0.RELEASE.jar
│   ├── [756K]  spring-webmvc-4.1.0.RELEASE.jar
│   ├── [173K]  spring-webmvc-portlet-4.1.0.RELEASE.jar
│   └── [353K]  spring-websocket-4.1.0.RELEASE.jar
├── [4.0K]  out
│   ├── [4.0K]  artifacts
│   │   └── [4.0K]  springMVC_war_exploded
│   │       └── [7.1M]  springMVC_war exploded.war
│   └── [4.0K]  production
│       └── [4.0K]  springMVC
│           ├── [1.1K]  ConfigClass.class
│           ├── [1.9K]  MainController.class
│           └── [5.7K]  ResourceProvider.class
├── [1.7K]  springMVC.iml
├── [4.0K]  src
│   ├── [ 810]  ConfigClass.java
│   ├── [2.2K]  MainController.java
│   └── [5.4K]  ResourceProvider.java
└── [4.0K]  web
    ├── [4.0K]  resources
    │   └── [ 184]  actors.xml
    └── [4.0K]  WEB-INF
        ├── [ 354]  applicationContext.xml
        ├── [ 359]  dispatcher-servlet.xml
        ├── [ 376]  hacked.jsp
        ├── [ 658]  hello.jsp
        └── [ 948]  web.xml

10 directories, 36 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!