CVE-2022-40146 PoC — Apache XML Graphics Batik代码问题漏洞

Source

https://github.com/soulfoodisgood/CVE-2022-40146

Associated Vulnerability

Title:Apache XML Graphics Batik代码问题漏洞 (CVE-2022-40146)
Description:Apache XML Graphics Batik是美国阿帕奇（Apache）基金会的一套基于Java的主要用于处理SVG格式图像的应用程序。 Apache XML Graphics Batik 1.0到 1.14版本存在安全漏洞，该漏洞源于允许攻击者使用 Jar url 访问文件。

Description

Vulnerable svg-to-png service

File Snapshot


 [4.0K]  /data/pocs/493cd7470202c0a78a045d3e39f21f7c8be62690
├── [2.5K]  ApacheBatik_SSRF_RCE_Poc-1.0-SNAPSHOT.jar
└── [4.0K]  SvgToJpeg
    ├── [   0]  demo.jpg
    ├── [2.8K]  pom.xml
    ├── [4.0K]  src
    │   └── [4.0K]  main
    │       ├── [4.0K]  java
    │       │   └── [4.0K]  com
    │       │       └── [4.0K]  example
    │       │           └── [4.0K]  svgtojpg
    │       │               ├── [1.6K]  SvgController.java
    │       │               └── [ 333]  SvgToJpegApplication.java
    │       └── [4.0K]  resources
    │           └── [  17]  application.properties
    └── [4.0K]  target
        ├── [4.0K]  classes
        │   ├── [  17]  application.properties
        │   └── [4.0K]  com
        │       └── [4.0K]  example
        │           └── [4.0K]  svgttojpeg
        │               ├── [2.7K]  SvgController.class
        │               └── [ 730]  SvgToJpegApplication.class
        └── [4.0K]  maven-status
            └── [4.0K]  maven-compiler-plugin
                └── [4.0K]  compile
                    └── [4.0K]  default-compile
                        ├── [  93]  createdFiles.lst
                        └── [ 177]  inputFiles.lst

17 directories, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!