├── .github └── workflows │ └── maven.yml ├── .gitignore ├── .idea ├── $PROJECT_FILE$ ├── .gitignore ├── artifacts │ └── yaml_payload.xml ├── codeStyles │ └── codeStyleConfig.xml ├── compiler.xml ├── inspectionProfiles │ └── Project_Default.xml ├── jarRepositories.xml ├── misc.xml ├── qaplug_profiles.xml ├── uiDesigner.xml └── vcs.xml ├── LICENSE ├── README.md ├── assembly.xml ├── pom.xml └── src ├── main ├── java │ └── com │ │ └── drops │ │ ├── entity │ │ ├── ControllersFactory.java │ │ └── RequestInfo.java │ │ ├── exp │ │ ├── EurekaXstreamRCEEXP.java │ │ ├── H2DatabaseConsoleJNDIRCEEXP.java │ │ ├── JolokiaLogbackRCEEXP.java │ │ ├── JolokiaRealmRCEEXP.java │ │ ├── RestartH2DatabaseQueryRCEEXP.java │ │ ├── SnakeYAMLRCEEXP.java │ │ ├── SpELRCEEXP.java │ │ ├── SpringCloudGatewayRCEEXP.java │ │ └── util │ │ │ ├── EnvPost.java │ │ │ ├── H2DatabaseUtil.java │ │ │ ├── JolokiaUtil.java │ │ │ ├── RefreshPost.java │ │ │ └── VersionUtil.java │ │ ├── main │ │ ├── AttackService.java │ │ └── Main.java │ │ ├── poc │ │ ├── EurekaXstreamRCEPOC.java │ │ ├── H2DatabaseConsoleJNDIRCEPOC.java │ │ ├── JolokiaLogbackRCEPOC.java │ │ ├── JolokiaRealmJNDIRCEPOC.java │ │ ├── POC.java │ │ ├── SnakeYAMLRCEPOC.java │ │ ├── SpringBootEnvInfo.java │ │ ├── SpringBootInfo.java │ │ ├── SpringBootInfoCheck.java │ │ ├── SpringBootUtil.java │ │ ├── SpringCloudGatewayRCEPOC.java │ │ └── package-info.java │ │ ├── ui │ │ └── MainController.java │ │ ├── utils │ │ ├── Console.java │ │ ├── HTTPUtils.java │ │ ├── HttpUtil.java │ │ ├── LDAPUtil.java │ │ ├── MyCert.java │ │ ├── PropertiesBean.java │ │ ├── ReUtil.java │ │ ├── Reflections.java │ │ ├── ResponseUtil.java │ │ ├── SpelUtils.java │ │ ├── StringRandom.java │ │ ├── URLUtil.java │ │ ├── Utils.java │ │ ├── ldapserver.java │ │ └── rmiserver.java │ │ └── x │ │ ├── AntSwordFilter.java │ │ ├── AntSwordServlet.java │ │ ├── BehinderFilter.java │ │ ├── BehinderServlet.java │ │ ├── GodzillaFilter.java │ │ ├── GodzillaServlet.java │ │ ├── GodzillaTomServlet.java │ │ ├── NeoreGeorgFilter.java │ │ ├── NeoreGeorgServlet.java │ │ ├── reGeorgFilter.java │ │ └── reGeorgServlet.java └── resources │ └── a.fxml └── test └── java ├── 0cat.class ├── Client.java ├── LdapClient.java ├── demo.java ├── gateway.java └── spel.java /.github/workflows/maven.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.github/workflows/maven.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target/** 2 | .idea/** -------------------------------------------------------------------------------- /.idea/$PROJECT_FILE$: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/$PROJECT_FILE$ -------------------------------------------------------------------------------- /.idea/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/.gitignore -------------------------------------------------------------------------------- /.idea/artifacts/yaml_payload.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/artifacts/yaml_payload.xml -------------------------------------------------------------------------------- /.idea/codeStyles/codeStyleConfig.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/codeStyles/codeStyleConfig.xml -------------------------------------------------------------------------------- /.idea/compiler.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/compiler.xml -------------------------------------------------------------------------------- /.idea/inspectionProfiles/Project_Default.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/inspectionProfiles/Project_Default.xml -------------------------------------------------------------------------------- /.idea/jarRepositories.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/jarRepositories.xml -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/misc.xml -------------------------------------------------------------------------------- /.idea/qaplug_profiles.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/qaplug_profiles.xml -------------------------------------------------------------------------------- /.idea/uiDesigner.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/uiDesigner.xml -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/.idea/vcs.xml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/README.md -------------------------------------------------------------------------------- /assembly.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/assembly.xml -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/pom.xml -------------------------------------------------------------------------------- /src/main/java/com/drops/entity/ControllersFactory.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/entity/ControllersFactory.java -------------------------------------------------------------------------------- /src/main/java/com/drops/entity/RequestInfo.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/entity/RequestInfo.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/EurekaXstreamRCEEXP.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/EurekaXstreamRCEEXP.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/H2DatabaseConsoleJNDIRCEEXP.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/H2DatabaseConsoleJNDIRCEEXP.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/JolokiaLogbackRCEEXP.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/JolokiaLogbackRCEEXP.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/JolokiaRealmRCEEXP.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/JolokiaRealmRCEEXP.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/RestartH2DatabaseQueryRCEEXP.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/RestartH2DatabaseQueryRCEEXP.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/SnakeYAMLRCEEXP.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/SnakeYAMLRCEEXP.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/SpELRCEEXP.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/SpELRCEEXP.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/SpringCloudGatewayRCEEXP.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/SpringCloudGatewayRCEEXP.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/util/EnvPost.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/util/EnvPost.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/util/H2DatabaseUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/util/H2DatabaseUtil.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/util/JolokiaUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/util/JolokiaUtil.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/util/RefreshPost.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/util/RefreshPost.java -------------------------------------------------------------------------------- /src/main/java/com/drops/exp/util/VersionUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/exp/util/VersionUtil.java -------------------------------------------------------------------------------- /src/main/java/com/drops/main/AttackService.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/main/AttackService.java -------------------------------------------------------------------------------- /src/main/java/com/drops/main/Main.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/main/Main.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/EurekaXstreamRCEPOC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/EurekaXstreamRCEPOC.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/H2DatabaseConsoleJNDIRCEPOC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/H2DatabaseConsoleJNDIRCEPOC.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/JolokiaLogbackRCEPOC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/JolokiaLogbackRCEPOC.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/JolokiaRealmJNDIRCEPOC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/JolokiaRealmJNDIRCEPOC.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/POC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/POC.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/SnakeYAMLRCEPOC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/SnakeYAMLRCEPOC.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/SpringBootEnvInfo.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/SpringBootEnvInfo.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/SpringBootInfo.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/SpringBootInfo.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/SpringBootInfoCheck.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/SpringBootInfoCheck.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/SpringBootUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/SpringBootUtil.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/SpringCloudGatewayRCEPOC.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/poc/SpringCloudGatewayRCEPOC.java -------------------------------------------------------------------------------- /src/main/java/com/drops/poc/package-info.java: -------------------------------------------------------------------------------- 1 | package com.drops.poc; 2 | // 漏洞验证模块 3 | -------------------------------------------------------------------------------- /src/main/java/com/drops/ui/MainController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/ui/MainController.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/Console.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/Console.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/HTTPUtils.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/HTTPUtils.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/HttpUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/HttpUtil.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/LDAPUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/LDAPUtil.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/MyCert.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/MyCert.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/PropertiesBean.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/PropertiesBean.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/ReUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/ReUtil.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/Reflections.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/Reflections.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/ResponseUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/ResponseUtil.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/SpelUtils.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/SpelUtils.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/StringRandom.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/StringRandom.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/URLUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/URLUtil.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/Utils.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/Utils.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/ldapserver.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/ldapserver.java -------------------------------------------------------------------------------- /src/main/java/com/drops/utils/rmiserver.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/utils/rmiserver.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/AntSwordFilter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/AntSwordFilter.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/AntSwordServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/AntSwordServlet.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/BehinderFilter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/BehinderFilter.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/BehinderServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/BehinderServlet.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/GodzillaFilter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/GodzillaFilter.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/GodzillaServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/GodzillaServlet.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/GodzillaTomServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/GodzillaTomServlet.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/NeoreGeorgFilter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/NeoreGeorgFilter.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/NeoreGeorgServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/NeoreGeorgServlet.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/reGeorgFilter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/reGeorgFilter.java -------------------------------------------------------------------------------- /src/main/java/com/drops/x/reGeorgServlet.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/java/com/drops/x/reGeorgServlet.java -------------------------------------------------------------------------------- /src/main/resources/a.fxml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/main/resources/a.fxml -------------------------------------------------------------------------------- /src/test/java/0cat.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/test/java/0cat.class -------------------------------------------------------------------------------- /src/test/java/Client.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/test/java/Client.java -------------------------------------------------------------------------------- /src/test/java/LdapClient.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/test/java/LdapClient.java -------------------------------------------------------------------------------- /src/test/java/demo.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/test/java/demo.java -------------------------------------------------------------------------------- /src/test/java/gateway.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/test/java/gateway.java -------------------------------------------------------------------------------- /src/test/java/spel.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x727/SpringBootExploit/HEAD/src/test/java/spel.java --------------------------------------------------------------------------------