Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring.

JavanXD/Demo-Exploit-Jackson-RCE

Demo-Exploit-Jackson-RCE

Based on the project jackson-rce-via-spel, this project serves as an example web application for testing multiple attack vectors (file upload, forms) against the Jackson-databind vulnerability.

Introduction

With an Angular7 frontend and a spring-boot backend, different attack vectors can be tested and the results visualized and checked.

Build

Build and package the spring-boot backend and the Angular7 frontend into a deployable war file.

mvn package

Run

The following command starts the application and automatically opens a web browser at http://localhost:4200.

backend/mvn spring-boot:run

Screenshots

Recording of exploiting a file upload

Recording of exploiting a user creation form
