Commit 7945924

committed
add springboot-eureka-xstream-rce environment
1 parent 8ec8e89 commit 7945924


6 files changed

+146
-1
lines changed


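--- a/README.md
+++ b/README.md
@@ -435,7 +435,7 @@ http://127.0.0.1:9092/env
 
 
 
-### 0x03:XStream deserialization RCE
+### 0x03:eureka xstream deserialization RCE
 
 #### **利用条件:**
 
@@ -522,6 +522,18 @@ Content-Type: application/json
 
 
 
+#### 漏洞环境:
+
+[repository/springboot-eureka-xstream-rce](https://github.com/LandGrey/SpringBootVulExploit/tree/master/repository/springboot-eureka-xstream-rce)
+
+正常访问:
+
+```
+http://127.0.0.1:9093/env
+```
+
+
+
 ### 0x04:Jolokia logback JNDI RCE
 
 #### **利用条件:**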
Lines changed: 81 additions & 0 deletions
@@ -0,0 +1,81 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<project xmlns="http://maven.apache.org/POM/4.0.0"
3+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4+
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
5+
<modelVersion>4.0.0</modelVersion>
6+
7+
<groupId>org.example</groupId>
8+
<artifactId>springboot-eureka-xstream-rce</artifactId>
9+
<version>1.0-SNAPSHOT</version>
10+
11+
<properties>
12+
<java.version>1.8</java.version>
13+
<springboot.version>1.4.7.RELEASE</springboot.version>
14+
<netflix.eureka.version>1.4.0.RELEASE</netflix.eureka.version>
15+
16+
<spring-cloud-commons.version>1.1.3.RELEASE</spring-cloud-commons.version>
17+
<spring-cloud-netflix.version>1.2.0.RELEASE</spring-cloud-netflix.version>
18+
</properties>
19+
20+
<dependencies>
21+
<dependency>
22+
<groupId>org.springframework.boot</groupId>
23+
<artifactId>spring-boot-starter-web</artifactId>
24+
<version>${springboot.version}</version>
25+
</dependency>
26+
27+
<dependency>
28+
<groupId>org.springframework.boot</groupId>
29+
<artifactId>spring-boot-starter-actuator</artifactId>
30+
<version>${springboot.version}</version>
31+
</dependency>
32+
33+
<dependency>
34+
<groupId>org.springframework.cloud</groupId>
35+
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
36+
<version>${netflix.eureka.version}</version>
37+
</dependency>
38+
39+
</dependencies>
40+
41+
<dependencyManagement>
42+
<dependencies>
43+
<!-- import dependency way 1-->
44+
<dependency>
45+
<groupId>org.springframework.cloud</groupId>
46+
<artifactId>spring-cloud-commons-dependencies</artifactId>
47+
<version>${spring-cloud-commons.version}</version>
48+
<type>pom</type>
49+
<scope>import</scope>
50+
</dependency>
51+
52+
<dependency>
53+
<groupId>org.springframework.cloud</groupId>
54+
<artifactId>spring-cloud-netflix-dependencies</artifactId>
55+
<version>${spring-cloud-netflix.version}</version>
56+
<type>pom</type>
57+
<scope>import</scope>
58+
</dependency>
59+
60+
<!-- import dependency way 2 -->
61+
<!-- <dependency>-->
62+
<!-- <groupId>org.springframework.cloud</groupId>-->
63+
<!-- <artifactId>spring-cloud-dependencies</artifactId>-->
64+
<!-- <version>Camden.RELEASE</version>-->
65+
<!-- <type>pom</type>-->
66+
<!-- <scope>import</scope>-->
67+
<!-- </dependency>-->
68+
</dependencies>
69+
</dependencyManagement>
70+
71+
<build>
72+
<plugins>
73+
<plugin>
74+
<groupId>org.springframework.boot</groupId>
75+
<artifactId>spring-boot-maven-plugin</artifactId>
76+
<version>${springboot.version}</version>
77+
</plugin>
78+
</plugins>
79+
</build>
80+
81+
</project>
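Review bot: The `<properties>` block pins `springboot.version` to 1.4.7.RELEASE and the Spring Cloud artifacts to 1.x releases with no comment saying this is deliberate, so a reader cannot tell a lab pin from neglected dependencies. I would add a comment above the block such as `<!-- Versions are intentionally pinned to old releases for this vulnerable lab environment; never reuse them in a real service -->`. The eureka starter is also given an explicit `${netflix.eureka.version}` (1.4.0.RELEASE) that differs from the imported `spring-cloud-netflix-dependencies` BOM (1.2.0.RELEASE); if that mismatch is required for the build it deserves a one-line explanation. The commented-out "import dependency way 2" block should either be removed or get a sentence on when to use it.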
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<module type="JAVA_MODULE" version="4" />
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
package landgrey;
2+
3+
import org.springframework.boot.SpringApplication;
4+
import org.springframework.boot.autoconfigure.SpringBootApplication;
5+
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
6+
7+
@SpringBootApplication
8+
@EnableEurekaClient
9+
public class Application {
10+
public static void main(String[] args){
11+
SpringApplication.run(Application.class,args);
12+
}
13+
}
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
package landgrey.controller;
2+
3+
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
4+
import org.springframework.web.bind.annotation.RequestMapping;
5+
import org.springframework.web.bind.annotation.RestController;
6+
7+
@RestController
8+
@EnableAutoConfiguration
9+
public class Article {
10+
@RequestMapping("/article")
11+
public String hello(String id){
12+
int total = 100;
13+
String message = String.format("You've read %s books, and there are %d left", id, total - Integer.valueOf(id));
14+
return message;
15+
}
16+
}
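Review bot: `Integer.valueOf(id)` in `hello` throws `NumberFormatException` when the `id` query parameter is missing or is not a decimal integer, and that surfaces as an HTTP 500 with whatever the default error page discloses. Binding the parameter as a number lets Spring reject bad input with a 400 before the method body runs: `public String hello(@RequestParam("id") int id)` together with `String.format("You've read %d books, and there are %d left", id, total - id)`, plus the `RequestParam` import. `@EnableAutoConfiguration` on the controller also looks redundant, since `@SpringBootApplication` on `Application` already enables auto-configuration, assuming that class is the only entry point.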
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
server.port=9093
2+
server.address=127.0.0.1
3+
4+
# vulnerable configuration set 0: spring boot 1.0 - 1.4
5+
# all spring boot versions 1.0 - 1.4 expose actuators by default without any parameters
6+
# no configuration required to expose them
7+
8+
# safe configuration set 0: spring boot 1.0 - 1.4
9+
#management.security.enabled=true
10+
11+
# vulnerable configuration set 1: spring boot 1.5+
12+
# spring boot 1.5+ requires management.security.enabled=false to expose sensitive actuators
13+
#management.security.enabled=false
14+
15+
# safe configuration set 1: spring boot 1.5+
16+
# when 'management.security.enabled=false' but all sensitive actuators explicitly disabled
17+
#management.security.enabled=false
18+
19+
# vulnerable configuration set 2: spring boot 2+
20+
#management.endpoints.web.exposure.include=*
21+
#management.endpoint.env.post.enabled=true
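Review bot: The block labelled "safe configuration set 1" shows exactly the same property as the vulnerable set above it, `#management.security.enabled=false`; its comment says the sensitive actuators are explicitly disabled, but no line actually disables them. I would list the disabling properties under that heading, for example `#endpoints.env.enabled=false`, so the safe example is distinguishable from the vulnerable one and can be copied as written. Separately, "safe configuration set 0" (`management.security.enabled=true`) presumably only takes effect when Spring Security is on the classpath, which the pom in this commit does not add; that is worth confirming and stating in the comment so nobody treats the line as sufficient on its own.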
