Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2016-2173 PoC — Pivotal Software Spring AMQP 安全漏洞

Source
https://github.com/HaToan/CVE-2016-2173
Associated Vulnerability
Title:Pivotal Software Spring AMQP 安全漏洞 (CVE-2016-2173)
Description:org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.
Readme
# CVE-2016-2173 - Remote Code Execution in Spring AMQP - App Test

### Description
The class org.springframework.core.serializer.DefaultDeserializer does not validate the deserialized object against a whitelist. By supplying a crafted serialized object like Chris Frohoff's Commons Collection gadget, remote code execution can be achieved.
### Versions Affected
1.0.0 to 1.5.4
### Vendor
Spring by Pivotal
### Install
	- Maven 3.x+
	- Java 1.7+
	- [RabbitMQ](https://www.rabbitmq.com/download.htm)
### Run App Vulnerbility
	- mvn eclipse:eclipse
	- import project
	- run project (App)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →