Spring Core RCE

影响范围：JDK>=9 的spring框架及衍生框架

文章指路

脚本仅供学习使用，如作他用所承受的法律责任一概与作者无关

1.installation

pip3 install -r requirements.txt

2.Usage

$ python3 spring-core-rce.py -h

 .----..-.-. .---. .-..-. .-..----.     .----. .---. .---. .----.     .---. .----..----.
{ {__-`| } }}} }}_}{ ||  \{ || |--' ___ | }`-'/ {-. \} }}_}} |__} ___ } }}_}| }`-'} |__}
.-._} }| |-' | } \ | }| }\  {| }-`}{___}| },-.\ '-} /| } \ } '__}{___}| } \ | },-.} '__}
`----' `-'   `-'-' `-'`-' `-'`----'     `----' `---' `-'-' `----'     `-'-' `----'`----'


                                                 Spring framework Core RCE
                                                                  By:K3rwin
usage: spring-core-rce.py [-h] [-u URL] [-s SYSTEM]

Spring framework Core RCE 帮助指南

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     指定url
  -s SYSTEM, --system SYSTEM
                        指定目标主机操作系统,默认linux,参数为win/linux

3.example

使用 -u指定url，-s指定操作系统参数为：linux 或者 win，默认为linux

python3 spring-core-rce.py -u "http://1.117.155.217:8080/" -s "linux"

4.Target

①.本地搭建docker靶场:

docker pull vulfocus/spring-core-rce-2022-03-29:latest

docker run -d -p 8080:8080 --name spring-core-rce -it vulfocus/spring-core-rce-2022-03-29

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.assets		README.assets
README.md		README.md
requirements.txt		requirements.txt
spring-core-rce.py		spring-core-rce.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Spring Core RCE

1.installation

2.Usage

3.example

4.Target

①.本地搭建docker靶场:

②.在线靶场

About

Releases

Packages

Languages

litelshit/spring-core-rce

Folders and files

Latest commit

History

Repository files navigation

Spring Core RCE

1.installation

2.Usage

3.example

4.Target

①.本地搭建docker靶场:

②.在线靶场

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages