CVE-2011-2894 PoC — Spring Framework ’deserialize‘ 对象权限许可和访问控制问题漏洞

Source

https://github.com/pwntester/SpringBreaker

Associated Vulnerability

Title:Spring Framework ’deserialize‘ 对象权限许可和访问控制问题漏洞 (CVE-2011-2894)
Description:Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

Description

Exploit PoC for Spring RCE issue (CVE-2011-2894)

Readme

SpringBreaker
=============

Exploit PoC for Spring RCE issue (CVE-2011-2894)

File Snapshot


 [4.0K]  /data/pocs/b2ebd9ae513f96d36651b8e89a73c1b043f641ce
├── [3.7K]  pom.xml
├── [3.5K]  proxy-exploit.iml
├── [  78]  README.md
├── [  67]  run-server.sh
├── [ 108]  run.sh
├── [2.7K]  springbreaker.iml
├── [ 26K]  SpringBreaker.ipr
├── [ 48K]  SpringBreaker.iws
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            ├── [4.0K]  com
            │   └── [4.0K]  company
            │       ├── [4.0K]  model
            │       │   ├── [ 331]  ContactImpl.java
            │       │   └── [  75]  Contact.java
            │       └── [ 793]  SerializationServer.java
            └── [4.0K]  org
                └── [4.0K]  pwntester
                    └── [4.0K]  springbreaker
                        └── [7.3K]  FactoryProxySerializationExploit.java

9 directories, 12 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!