Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-1270 PoC — Pivotal Software Spring Framework 代码注入漏洞

Source
https://github.com/CaledoniaProject/CVE-2018-1270
Associated Vulnerability
Title:Pivotal Software Spring Framework 代码注入漏洞 (CVE-2018-1270)
Description:Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
Description
Spring messaging STOMP protocol RCE
File Snapshot

 [4.0K]  /data/pocs/298741172633dd830bc8c8133a77e069bfbc9e63
├── [4.0K]  contrib
│   ├── [508K]  screenshot.jpg
│   └── [ 58K]  web.jpg
├── [2.5K]  pom.xml
├── [2.0K]  readme.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  com
        │       └── [4.0K]  nibado
        │           └── [4.0K]  example
        │               └── [4.0K]  websocket
        │                   ├── [4.0K]  client
        │                   │   ├── [1.2K]  MySessionHandler.java
        │                   │   └── [1.1K]  ServiceClient.java
        │                   └── [4.0K]  service
        │                       ├── [ 327]  Application.java
        │                       ├── [ 586]  GreetingController.java
        │                       ├── [ 235]  Greeting.java
        │                       ├── [ 129]  HelloMessage.java
        │                       ├── [ 966]  TimeSender.java
        │                       └── [ 985]  WebSocketConfig.java
        └── [4.0K]  resources
            ├── [ 441]  logback.xml
            └── [4.0K]  static
                ├── [ 329]  app.js
                ├── [ 746]  index.html
                └── [ 15K]  stomp.js

12 directories, 16 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →