CVE-2017-8046

This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).

spring-break_cve-2017-8046 This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046) This software is written to have as less external dependencies as possible DISCLAIMER This tool is intended for security engineers and appsec guys for security assessments Please use this tool responsibly I do not take responsibility for the way in which any one uses t

spring-break_cve-2017-8046 This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046) This software is written to have as less external dependencies as possible DISCLAIMER This tool is intended for security engineers and appsec guys for security assessments Please use this tool responsibly I do not take responsibility for the way in which any one uses t

PoC for SpringBreak (CVE-2017-8046)

SpringBreakPoC I needed a tool to test several different endpoints for the recently disclosed SpringBreak vulnerability (CVE-2017-8046) and couldn't find one, so I threw this together Usage _______ _______ _______ _________ _ _______ ______ _______ _______ _______ _ ( ____ \( ____ )( ____ )\__ __/( ( /|( ____ \( ___ \ ( ____ )( ____ \( ___ )|

spring-break_cve-2017-8046 This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046) This software is written to have as less external dependencies as possible DISCLAIMER This tool is intended for security engineers and appsec guys for security assessments Please use this tool responsibly I do not take responsibility for the way in which any one uses t

Disclaimer Notwithstanding anything that may be contained to the contrary in your agreement(s) with Sysdig, Sysdig provides no support, no updates, and no warranty or guarantee of any kind with respect to these script(s), including as to their functionality or their ability to work in your environment(s) Sysdig disclaims all liability and responsibility with respect to any use

JAVA_WEB_APPLICATION_COLLECTION CVE: CVE-2017-8046: Spring Data Rest RCE githubcom/vulhub/vulhub/tree/master/spring/CVE-2017-8046 CVE-2018-1196: Symlink privilege escalation attack via Spring Boot launch script

An intentionally vulnerable (CVE-2017-8046) SrpingData REST appl with Swagger Support for pentesting purposes

Vulnerable Spring DataRest App This is an intentionally Spring Data REST Application to test and demostrate the CVE-2017-8046 vulnerability and the challenges of testing Command Injection and Remote Code Execution via REST apis It has support for Swagger UI to use with tools where Swagger documention helps discovery and spidering, such as the OWASP Zend Attack Proxy (ZAP) plugi

SPRING DATA REST CVE-2017-8046 DEMO

spring data rest CVE-2017-8046 demo test please UPGRADE spring data rest NOW steps 启动本应用 创建test instance POST /entityPersons/ HTTP/11 Host: localhost:8080 Content-Type: application/json Cache-Control: no-cache { "firstName":"f2" } 利用spel注入, 会启动C:\Windows\system32\calcexe PATC

This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).

CVE-2017-8046 (Spring Break) This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046) Disclaimer This tool is intended for security engineers and appsec guys for security assessments Please use this tool responsibly I do not take responsibility for the way in which any one uses this application I am NOT responsible for any damages caused or any crimes

Spring Data Rest 远程命令执行漏洞（CVE-2017-8046） Spring Data REST是一个构建在Spring Data之上，为了帮助开发者更加容易地开发REST风格的Web服务。在REST API的Patch方法中（实现RFC6902），path的值被传入setValue，导致执行了SpEL表达式，触发远程命令执行漏洞。 参考链接： xxlegendcom/2017/09/29/Sprin

WARNING: This is a vulnerable application to test the exploit for the Spring Break vulnerability (CVE-2017-8046). Run it at your own risk!

Spring Break Vulnerable Application This is a vulnerable application to test the exploit for the Spring Break vulnerability (CVE-2017-8046) WARNING! This application contains serious security vulnerabilities Run it at your own risk! It is recommended using a backed-up and sheltered environment (such as a VM with a recent snapshot and host-only networking) Do not upload this

cve-2017-8046

CVE-2017-8046 This is part of Cved: a tool to manage vulnerable docker containers Cved: githubcom/git-rep-src/cved Image source: githubcom/cved-sources/cve-2017-8046 Image author: githubcom/Medicean/VulApps/tree/master/s/spring/1