feat:添加spring cloud config server漏洞模块(CVE-201903799)

“threedr3am” · “threedr3am” · commit 9203dcf628e6 · 2020-03-08T01:00:47.000+08:00
diff --git a/spring/spring-cloud-config-server(CVE-2019-3799)/pom.xml b/spring/spring-cloud-config-server(CVE-2019-3799)/pom.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-parent</artifactId>
+    <version>2.0.3.RELEASE</version>
+    <relativePath/>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+
+  <artifactId>spring-cloud-config-server-CVE-2019-3799</artifactId>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>org.springframework.cloud</groupId>
+      <artifactId>spring-cloud-config-server</artifactId>
+      <version>2.0.3.RELEASE</version>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+        <configuration>
+          <fork>true</fork>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+</project>
diff --git a/spring/spring-cloud-config-server(CVE-2019-3799)/src/main/java/com/threedr3am/bug/spring/config/server/Application.java b/spring/spring-cloud-config-server(CVE-2019-3799)/src/main/java/com/threedr3am/bug/spring/config/server/Application.java
@@ -0,0 +1,17 @@
+package com.threedr3am.bug.spring.config.server;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.config.server.EnableConfigServer;
+
+/**
+ * @author threedr3am
+ */
+@EnableConfigServer
+@SpringBootApplication
+public class Application {
+
+  public static void main(String[] args) {
+    SpringApplication.run(Application.class, args);
+  }
+}
diff --git a/spring/spring-cloud-config-server(CVE-2019-3799)/src/main/java/com/threedr3am/bug/spring/config/server/package-info.java b/spring/spring-cloud-config-server(CVE-2019-3799)/src/main/java/com/threedr3am/bug/spring/config/server/package-info.java
@@ -0,0 +1,11 @@
+/**
+ * 触发点 org.springframework.cloud.config.server.resource.ResourceController
+ *
+ * todo 条件：需要使用git等版本库存储，经测试使用本地存储不成功
+ *
+ * url中第三个label，也就是/{application}/{profile}/{label}/..%252f..%252fetc%252fpasswd中的label需要存在的分支，
+ * 一般情况下master存在，因此url为：/threedr3am/dev/master/..%252f..%252f..%252f..%252f..%252f../etc/passwd
+ *
+ * @author threedr3am
+ */
+package com.threedr3am.bug.spring.config.server;
diff --git a/spring/spring-cloud-config-server(CVE-2019-3799)/src/main/resources/application.yml b/spring/spring-cloud-config-server(CVE-2019-3799)/src/main/resources/application.yml
@@ -0,0 +1,10 @@
+spring:
+  profiles:
+    active: native
+  cloud:
+    config:
+      server:
+        git:
+          uri: https://github.com/threedr3am/share-project
+server:
+  port: 9988
