CVE-2017-8046

This Java-based exploit leverages CVE-2017-8046 to achieve remote code execution (RCE) in Spring Data REST by crafting a malicious PATCH request with a JSON payload that bypasses input validation. The payload executes arbitrary commands by exploiting SpEL (Spring Expression Language) injection.

This repository contains a Java-based exploit for CVE-2017-8046, a remote code execution vulnerability in Spring Data REST. The exploit leverages malicious PATCH requests with crafted JSON data to execute arbitrary commands on vulnerable servers.

This repository provides a vulnerable Spring Data REST application and exploit examples for CVE-2017-8046, demonstrating arbitrary code execution via malicious PATCH requests with crafted JSON data.

This repository demonstrates CVE-2017-8046, a SpEL injection vulnerability in Spring Data REST. The PoC includes a Spring Boot application and a test case that exploits the vulnerability to execute arbitrary commands (e.g., launching calc.exe) via a maliciously crafted PATCH request.

This repository contains a proof-of-concept exploit for CVE-2017-8046, a vulnerability in Spring Data REST that allows remote code execution (RCE) via malicious URI input. The exploit leverages the `UriToEntityConverter` class to execute arbitrary code during URI-to-entity conversion.

This repository contains a minimal Docker build script for CVE-2017-8046 but lacks exploit code. It references a vulnerable Spring Data REST application but does not include a PoC.

This is a Java-based exploit for CVE-2017-8046, which allows remote code execution (RCE) via malicious PATCH requests in Spring Data REST. The exploit crafts a JSON payload with a SpEL (Spring Expression Language) injection to execute arbitrary commands on the target system.

This is a functional proof-of-concept exploit for CVE-2017-8046, a remote code execution vulnerability in Spring Data REST. It allows blind RCE via crafted PATCH requests with JSON-Patch+JSON content type.

This PoC exploits CVE-2017-8046, a deserialization vulnerability in Spring Data REST, by sending a malicious PATCH request with a crafted JSON payload to execute arbitrary commands on the target system. The exploit uses base64-encoded payloads to bypass input validation and achieve remote code execution.

This repository contains a vulnerable Spring Data REST application designed to demonstrate CVE-2017-8046, which involves command injection and remote code execution via REST APIs. The application includes Swagger UI for testing and discovery purposes.

This repository contains a working PoC for CVE-2017-8046, a Spring Data REST vulnerability allowing SpEL injection via JSON patch requests. The exploit demonstrates arbitrary command execution by injecting a SpEL expression in a PATCH request.