(Update Vul: Spring) Spring Data REST PATCH request code execution vulnerability (CVE-2017-8046)

Remove the mongodb dependency from the original jar package
Medicean 2017-09-29 13:08:50 +08:00
parent 21b9b4e30d
commit e64faad6d9
3 changed files with 5 additions and 3 deletions


@ -1,7 +1,7 @@
FROM openjdk:8-jdk
MAINTAINER Medici.Yan@Gmail.com
ENV JAR_URL http://vulapps.poetn.cc/s/spring/spring-data-rest/spring-data-rest-cve-2017-8046.jar
ENV JAR_URL http://vulapps.poetn.cc/s/spring/spring-data-rest/spring-data-rest-cve-2017-8046_v2.jar
COPY src/start.sh /start.sh
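Review bot: The replacement `ENV JAR_URL` still points at a plain `http://` URL, and nothing visible in this hunk verifies the downloaded jar, so anyone on the network path or in control of vulapps.poetn.cc can swap the artifact that the container ends up running. Record a SHA-256 for `spring-data-rest-cve-2017-8046_v2.jar` alongside the URL and have the step that fetches it (presumably `start.sh`, which is not shown here) compare the digest before launching, or serve the file over HTTPS. As a style point, `MAINTAINER` is deprecated in favour of a `LABEL`.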


@ -28,8 +28,6 @@ $ docker run -d -p 8080:8080 medicean/vulapps:s_spring_1
1. 访问 `http://127.0.0.1:8080/`,测试服务是否启动成功
> 第一次启动时会下载 mongodb网速慢的可能要多等一会儿
![](https://github.com/Medicean/VulApps/raw/master/s/spring/1/poc-1.png)
2. 利用 POST 请求添加一个数据
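Review bot: The run command in this hunk's context, `docker run -d -p 8080:8080 medicean/vulapps:s_spring_1`, publishes the deliberately vulnerable service on every host interface, while step 1 only ever reaches it through `http://127.0.0.1:8080/`. Since this part of the README is being edited anyway, consider changing the mapping to `-p 127.0.0.1:8080:8080` so the lab instance is not exposed to the rest of the network. Dropping the first-start mongodb download note is consistent with the jar change in this commit.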
@ -66,3 +64,7 @@ Content-Length: 228
### 参考链接
* [这个Spring高危漏洞你修补了吗-- 其河@美团点评技术团队](https://mp.weixin.qq.com/s/uTiWDsPKEjTkN6z9QNLtSA)
### 改动日志
* 2017/09/29 删除原 jar 包中 mongodb 依赖
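Review bot: The new changelog entry under `### 改动日志` records that the mongodb dependency was removed, but not that the artifact itself changed to `spring-data-rest-cve-2017-8046_v2.jar` or that users must rebuild or re-pull to get it, since the image tag `s_spring_1` used in the run command is unchanged. Add the jar name to the entry and a short note to pull the image again, so someone holding the old image knows why their first start still downloads mongodb.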

Binary file not shown.