.. / CVE-2018-1273

Exploit for Spring Data Commons - Remote Code Execution (CVE-2018-1273)

Description:

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data’s projection-based request payload binding hat can lead to a remote code execution attack.

Nuclei Template

View the template here CVE-2018-1273.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-1273.yaml

References:

https://pivotal.io/security/cve-2018-1273
https://www.oracle.com/security-alerts/cpujul2022.html
http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-1273
https://github.com/2lambda123/SBSCAN

.. / CVE-2018-1273 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Spring Data Commons - Remote Code Execution (CVE-2018-1273)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2018-1273