
Commit d1963da

committed
Actuators to RCE
1 parent 453e194 commit d1963da


5 files changed

+122
-0
lines changed


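--- a/java-sec-code.iml
+++ b/java-sec-code.iml
@@ -90,5 +90,79 @@
 <orderEntry type="library" name="Maven: cglib:cglib:2.2.2" level="project" />
 <orderEntry type="library" name="Maven: asm:asm:3.3.1" level="project" />
 <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils:1.9.3" level="project" />
+<orderEntry type="library" name="Maven: org.jolokia:jolokia-core:1.6.0" level="project" />
+<orderEntry type="library" name="Maven: com.googlecode.json-simple:json-simple:1.1.1" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-actuator:1.5.1.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-actuator:1.5.1.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:1.4.0.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.cloud:spring-cloud-starter:1.1.3.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.cloud:spring-cloud-context:1.1.3.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.security:spring-security-crypto:4.2.1.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.cloud:spring-cloud-commons:1.1.3.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.security:spring-security-rsa:1.0.3.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: org.bouncycastle:bcpkix-jdk15on:1.55" level="project" />
+<orderEntry type="library" name="Maven: org.bouncycastle:bcprov-jdk15on:1.55" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.cloud:spring-cloud-netflix-core:1.2.0.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.cloud:spring-cloud-netflix-eureka-client:1.2.0.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: com.netflix.eureka:eureka-client:1.4.11" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: org.codehaus.jettison:jettison:1.3.7" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: stax:stax-api:1.0.1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.netflix-commons:netflix-eventbus:0.3.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.netflix-commons:netflix-infix:0.3.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: commons-jxpath:commons-jxpath:1.3" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: joda-time:joda-time:2.9.7" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: org.antlr:antlr-runtime:3.4" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: org.antlr:stringtemplate:3.2.1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: antlr:antlr:2.7.7" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.google.code.gson:gson:2.8.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: org.apache.commons:commons-math:2.2" level="project" />
+<orderEntry type="library" name="Maven: com.netflix.archaius:archaius-core:0.7.4" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: javax.ws.rs:jsr311-api:1.1.1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.servo:servo-core:0.10.1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.servo:servo-internal:0.10.1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.sun.jersey:jersey-core:1.19.1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.sun.jersey:jersey-client:1.19.1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.sun.jersey.contribs:jersey-apache-client4:1.19.1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.google.inject:guice:4.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: javax.inject:javax.inject:1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: aopalliance:aopalliance:1.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.governator:governator-api:1.12.10" level="project" />
+<orderEntry type="library" name="Maven: com.netflix.eureka:eureka-core:1.4.11" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.governator:governator:1.12.10" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.governator:governator-core:1.12.10" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.google.inject.extensions:guice-multibindings:4.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.google.inject.extensions:guice-grapher:4.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.google.inject.extensions:guice-assistedinject:4.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: org.ow2.asm:asm:5.0.4" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: org.codehaus.woodstox:woodstox-core-asl:4.4.1" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: javax.xml.stream:stax-api:1.0-2" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: org.codehaus.woodstox:stax2-api:3.1.4" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.cloud:spring-cloud-starter-netflix-archaius:1.4.0.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: commons-configuration:commons-configuration:1.8" level="project" />
+<orderEntry type="library" name="Maven: org.springframework.cloud:spring-cloud-starter-netflix-ribbon:1.4.0.RELEASE" level="project" />
+<orderEntry type="library" name="Maven: com.netflix.ribbon:ribbon:2.2.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.ribbon:ribbon-transport:2.2.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.reactivex:rxnetty-contexts:0.4.9" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.reactivex:rxnetty-servo:0.4.9" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.hystrix:hystrix-core:1.5.5" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: org.hdrhistogram:HdrHistogram:2.1.9" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.reactivex:rxnetty:0.4.9" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.netty:netty-codec-http:4.0.27.Final" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.netty:netty-codec:4.0.27.Final" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.netty:netty-handler:4.0.27.Final" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.netty:netty-transport-native-epoll:4.0.27.Final" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.netty:netty-common:4.0.27.Final" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.netty:netty-buffer:4.0.27.Final" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: io.netty:netty-transport:4.0.27.Final" level="project" />
+<orderEntry type="library" name="Maven: com.netflix.ribbon:ribbon-core:2.2.0" level="project" />
+<orderEntry type="library" name="Maven: com.netflix.ribbon:ribbon-httpclient:2.2.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.netflix-commons:netflix-commons-util:0.1.1" level="project" />
+<orderEntry type="library" name="Maven: com.netflix.ribbon:ribbon-loadbalancer:2.2.0" level="project" />
+<orderEntry type="library" scope="RUNTIME" name="Maven: com.netflix.netflix-commons:netflix-statistics:0.1.1" level="project" />
+<orderEntry type="library" name="Maven: io.reactivex:rxjava:1.1.10" level="project" />
+<orderEntry type="library" name="Maven: com.netflix.ribbon:ribbon-eureka:2.2.0" level="project" />
+<orderEntry type="library" name="Maven: com.thoughtworks.xstream:xstream:1.4.9" level="project" />
+<orderEntry type="library" name="Maven: xmlpull:xmlpull:1.1.3.1" level="project" />
+<orderEntry type="library" name="Maven: xpp3:xpp3_min:1.1.4c" level="project" />
 </component>
 </module>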

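--- a/pom.xml
+++ b/pom.xml
@@ -110,8 +110,39 @@
 <version>3.2</version>
 </dependency>
 
+<!-- SpringBoot Actuator命令执行的库 -->
+<dependency>
+<groupId>org.jolokia</groupId>
+<artifactId>jolokia-core</artifactId>
+<version>1.6.0</version>
+</dependency>
+
+<!-- 添加SpringBoot Actuator-->
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-actuator</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.springframework.cloud</groupId>
+<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
+<version>1.4.0.RELEASE</version>
+</dependency>
+
 </dependencies>
 
+<dependencyManagement>
+<dependencies>
+<dependency>
+<groupId>org.springframework.cloud</groupId>
+<artifactId>spring-cloud-dependencies</artifactId>
+<version>Camden.RELEASE</version>
+<type>pom</type>
+<scope>import</scope>
+</dependency>
+</dependencies>
+</dependencyManagement>
+
 <!-- jar -->
 <build>
 <plugins>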
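Review bot: The jolokia-core dependency at the top of the hunk puts a JMX-over-HTTP bridge on the classpath that Spring Boot 1.5 auto-configures as the `/jolokia` actuator endpoint, and nothing in this commit scopes or gates it, so it is reachable with exactly the protection the other management endpoints have. The comment above it only says what the library is for (in Chinese: "library for SpringBoot Actuator command execution"); it should also mark the intent, e.g. `<!-- Intentionally vulnerable, lab only: jolokia exposes JMX MBeans over HTTP via the /jolokia actuator endpoint. Do not combine with management.security.enabled=false outside this lab. -->`. A second, less certain point: the new `spring-cloud-dependencies` BOM pins `Camden.RELEASE` while the Eureka starter is pinned directly to `1.4.0.RELEASE`, and the accompanying .iml resolves `spring-cloud-netflix-core` to 1.2.0.RELEASE next to that 1.4.0 starter, which looks like a release-train mismatch worth checking by aligning the BOM with the starter. The `<dependencies>` element the hunk edits begins before the hunk.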

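--- a/src/main/java/org/joychou/Application.java
+++ b/src/main/java/org/joychou/Application.java
@@ -4,9 +4,11 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.web.support.SpringBootServletInitializer;
+import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
 
 
 @SpringBootApplication
+@EnableEurekaClient
 public class Application extends SpringBootServletInitializer {
 
 @Override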
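Review bot: `@EnableEurekaClient` is added to the class without any `eureka.client.*` configuration visible in this commit, so on startup the client will try to register with a default registry address and will also pull the Spring Cloud context endpoints (refresh and environment management) into the actuator surface; this is hedged, since the registry settings may live in a properties file not shown here. Since the annotation is part of the lab scenario rather than a real service-discovery need, a short comment on it would help the next reader, e.g. `// Eureka client enabled for the Actuator lab scenario; set eureka.client.enabled=false when no registry is running`. The body of Application continues past the end of the hunk.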
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
2+
# Spring Boot Actuator Vulnerable Config
3+
management.security.enabled=false
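Review bot: `management.security.enabled=false` on the last line removes HTTP authentication from every sensitive actuator endpoint in Spring Boot 1.5, which in this commit includes `/env`, `/jolokia` and the Spring Cloud refresh endpoints, and the comment above it only labels the file as vulnerable without saying what is exposed or why. The file name for this section is not shown on the page, so I assume it is the application properties file. The comment should be explicit, e.g. `# Intentionally insecure, lab only: disables HTTP auth on all sensitive actuator endpoints (env, jolokia, ...).` followed by `# The default (true) must be kept in real deployments; also consider management.port on a non-public interface and endpoints.sensitive=true.`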

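--- a/src/main/resources/logback.xml
+++ b/src/main/resources/logback.xml
@@ -0,0 +1,12 @@
+<configuration>
+<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+<withJansi>true</withJansi>
+<encoder>
+<pattern>[%thread] %highlight(%-5level) %cyan(%logger{15}) - %msg %n</pattern>
+</encoder>
+</appender>
+<root level="info">
+<appender-ref ref="STDOUT" />
+</root>
+<jmxConfigurator/>
+</configuration>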
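Review bot: `<jmxConfigurator/>` on line 11 registers logback's configuration MBean in the platform MBean server, and with jolokia-core added in the same commit that MBean becomes reachable over HTTP through the actuator; it is presumably part of the lab scenario, but nothing in the file says so. Add a comment such as `<!-- Registers the logback configuration MBean; with jolokia enabled it is reachable over HTTP. Lab only; remove when runtime log reconfiguration is not needed. -->`, or drop the element entirely if the lab does not depend on it. `withJansi` and the `%highlight`/`%cyan` pattern are cosmetic and fine.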
