spring-cloud-confg-server目录穿越(CVE-2019-3799 and CVE-2020-5405)
一、CVE-2019-3799
环境搭建
- pom.xml
| 1 | <parent> | 
- application.yml
PS:无论是native本地存储还是git仓库都可以1
2
3
4
5
6
7
8
9
10
11
12spring:
  profiles:
    active: native
  cloud:
    config:
      server:
        native:
          search-locations: file:///tmp
#        git:
#          uri: https://github.com/threedr3am/share-project
server:
  port: 9988
- Application
| 1 | @EnableConfigServer | 
POC
| 1 | /** | 
二、CVE-2020-5405
环境搭建
- pom.xml
| 1 | <parent> | 
- application.yml
| 1 | spring: | 
- Application
| 1 | @EnableConfigServer | 
POC
| 1 | /** |