Related vulnerability
Description
PoC for SpringBreak (CVE-2017-8046)
Introduction
# SpringBreakPoC
I needed a tool to test several different endpoints for the recently disclosed SpringBreak vulnerability (CVE-2017-8046) and couldn't find one, so I threw this together.
# Usage
```
_______ _______ _______ _________ _ _______ ______ _______ _______ _______ _
( ____ \( ____ )( ____ )\__ __/( ( /|( ____ \( ___ \ ( ____ )( ____ \( ___ )| \ /\
| ( \/| ( )|| ( )| ) ( | \ ( || ( \/| ( ) )| ( )|| ( \/| ( ) || \ / /
| (_____ | (____)|| (____)| | | | \ | || | | (__/ / | (____)|| (__ | (___) || (_/ /
(_____ )| _____)| __) | | | (\ \) || | ____ | __ ( | __)| __) | ___ || _ (
) || ( | (\ ( | | | | \ || | \_ )| ( \ \ | (\ ( | ( | ( ) || ( \ \
/\____) || ) | ) \ \_____) (___| ) \ || (___) || )___) )| ) \ \__| (____/\| ) ( || / \
\_______)|/ |/ \__/\_______/|/ )_)(_______)|/ \___/ |/ \__/(_______/|/ \||_/ \/
PoC for CVE-2017-8046. Available commands:
target <https://host/app/path>
exec <command to execute on target>
base64 <on|off> (Toggles base64 encoding of commands (uses bash), default: on)
verify <on|off> (Toggles SSL verification, default: on)
exit
Note: This is blind RCE, commands executed will not return output.
SpringBreak>
```
These should be self-explanatory, but to expand on base64:
**base64** is on by default and will convert commands to base64 and wrap them in `bash -c {echo,BASE64_COMMAND}|{base64,-d}|{bash,-i}`. Disabling will send raw commands through (after converting to byte array).
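
The wrapper shape described above is distinctive enough to hunt for on a host running Spring Data REST. The following is an added detection example, not part of the original PoC: it scans process command lines for that shape and decodes the embedded command for triage. The log format, the `find_wrapped_commands` name and the sample records are assumptions constructed for illustration.

```ruby
require 'base64'

# Shape from the README: {echo,<base64>}|{base64,-d}|{bash,-i}
# Brace expansion keeps the command free of spaces, so it appears as a
# single argument to `bash -c` in process-creation records.
WRAPPER = /\{echo,([A-Za-z0-9+\/]+={0,2})\}\|\{base64,-d\}\|\{bash,-i\}/

# Returns one finding per matching line. :decoded is nil when the text has
# the wrapper shape but the payload is not valid base64.
def find_wrapped_commands(lines)
  findings = []
  lines.each_with_index do |line, idx|
    m = WRAPPER.match(line)
    next unless m
    decoded = begin
      Base64.strict_decode64(m[1])
    rescue ArgumentError
      nil
    end
    findings << { line: idx + 1, encoded: m[1], decoded: decoded }
  end
  findings
end

# Constructed sample records (hypothetical process-audit format).
SAMPLE_LOG = [
  'pid=4121 ppid=977 parent=java cmd="bash -c {echo,d2hvYW1p}|{base64,-d}|{bash,-i}"',
  'pid=4130 ppid=1 parent=systemd cmd="/usr/bin/base64 -d /tmp/report.b64"',
  'pid=4135 ppid=977 parent=java cmd="bash -c {echo,d2hv*}|{base64,-d}|{bash,-i}"',
  'pid=4140 ppid=977 parent=java cmd="bash -c {echo,QQ}|{base64,-d}|{bash,-i}"'
].freeze

if __FILE__ == $PROGRAM_NAME
  find_wrapped_commands(SAMPLE_LOG).each do |f|
    shown = f[:decoded] ? f[:decoded].inspect : '(invalid base64)'
    puts "line #{f[:line]}: wrapped command #{shown}"
  end
end
```

A match whose parent process is the Java application server is the signal worth alerting on; with `base64 off` the command runs unwrapped, so this check covers only the default mode.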
# References
* https://lgtm.com/blog/spring_data_rest_CVE-2017-8046_ql
File snapshot
[4.0K] /data/pocs/3905ac93b87d4932795457d80ae99d56566c52d0
├── [1.6K] README.md
└── [3.5K] SpringBreakPOC.rb
0 directories, 2 files