Skip to content
/ Demo-Exploit-Jackson-RCE Public

Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring.

17 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

JavanXD/Demo-Exploit-Jackson-RCE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
backend
backend
 
 
docs
docs
 
 
frontend
frontend
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Demo-Exploit-Jackson-RCE

Based on the project jackson-rce-via-spel this project serves as an example web application to test multiple attack vectors (file upload, forms) on the Jackson-databind vulnerability.

Introduction

Based on an Angular7 frontend and a spring-boot backend different attack vectors can be tested and the results visualized and checked.

Build

Build and package spring boot and angular7 into a deployable war file.

mvn package

Run

Which automatically opens a web browser at http://localhost:4200.

backend/mvn spring-boot:run

Screenshots

Recording of exploting an file upload

Recording of exploting an user creation form

About

Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring.

Resources

Readme
Activity

Stars

17 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages