Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-3625 PoC — Pivotal Software Spring Framework 目录遍历漏洞

Source
https://github.com/ilmila/springcss-cve-2014-3625
Associated Vulnerability
Title:Pivotal Software Spring Framework 目录遍历漏洞 (CVE-2014-3625)
Description:Pivotal Spring Framework是美国Pivotal Software公司的一套开源的Java、Java EE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Pivotal Software Spring Framework中存在目录遍历漏洞。远程攻击者可利用该漏洞读取任意文件。以下版本受到影响:Pivotal Software Spring Framework 3.0.4版本至3.2.12之前3.2.x版本,4.0.8之前4.0.x版本,4.1.2之前4.1.x版本。
Description
spring mvc cve-2014-3625
File Snapshot

 [4.0K]  /data/pocs/79f6a15b92504175c90db2b769f79d514176e8ba
├── [2.4K]  pom.xml
├── [4.0K]  src
│   ├── [4.0K]  main
│   │   ├── [4.0K]  java
│   │   │   └── [4.0K]  com
│   │   │       └── [4.0K]  mkyong
│   │   │           └── [4.0K]  web
│   │   │               └── [4.0K]  controller
│   │   │                   └── [ 494]  HelloController.java
│   │   └── [4.0K]  webapp
│   │       ├── [4.0K]  META-INF
│   │       │   └── [  91]  context.xml
│   │       ├── [4.0K]  resources
│   │       │   ├── [   7]  test.txt
│   │       │   └── [4.0K]  theme1
│   │       │       ├── [4.0K]  css
│   │       │       │   └── [  18]  main.css
│   │       │       └── [4.0K]  js
│   │       │           ├── [ 91K]  jquery.1.10.2.min.js
│   │       │           └── [  88]  main.js
│   │       └── [4.0K]  WEB-INF
│   │           ├── [4.0K]  pages
│   │           │   ├── [ 558]  hello1.jsp
│   │           │   └── [ 439]  hello.jsp
│   │           ├── [1.2K]  spring-web-config.xml
│   │           ├── [   7]  test.txt
│   │           └── [1.3K]  web.xml
│   └── [4.0K]  test
│       ├── [4.0K]  java
│       │   ├── [4.0K]  com
│       │   │   └── [4.0K]  mkyong
│       │   │       └── [4.0K]  web
│       │   │           └── [4.0K]  controller
│       │   │               ├── [5.2K]  ExplorativeTestNoauto.java
│       │   │               ├── [ 15K]  FailingRequest.java
│       │   │               ├── [ 12K]  FailingServletContext.java
│       │   │               └── [5.2K]  NoautoTestInvalidPath.java
│       │   └── [4.0K]  org
│       │       └── [4.0K]  springframework
│       │           └── [4.0K]  web
│       │               └── [4.0K]  servlet
│       │                   └── [4.0K]  resource
│       │                       └── [ 344]  ILoveProtectedAccess.java
│       └── [4.0K]  resources
│           └── [4.0K]  com
│               └── [4.0K]  mkyong
│                   └── [4.0K]  web
│                       └── [4.0K]  controller
│                           ├── [4.0K]  test
│                           │   ├── [  19]  bar.css
│                           │   └── [  17]  foo.css
│                           └── [4.0K]  testsecret
│                               └── [104K]  secret.txt
└── [  70]  stealfile.sh

33 directories, 21 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.