CVE-2020-5410

This repository provides a functional proof-of-concept for CVE-2020-5410, a directory traversal vulnerability in Spring Cloud Config. The PoC includes a curl command that exploits the vulnerability to read arbitrary files (e.g., /etc/passwd) via a crafted URL with double-encoded traversal sequences.

This repository contains the source code for Spring Cloud Config, specifically the 2.1.8.RELEASE version, which is vulnerable to CVE-2020-5410. The files include configuration, documentation, and Java source code for the client and environment modules, but no explicit exploit code is present.

The repository contains only configuration files with no exploit code or technical details about CVE-2020-5410. The README is minimal and lacks any meaningful analysis or PoC.

The repository provides a detailed technical analysis of CVE-2020-5410 (Spring Cloud Config Path Traversal) and CVE-2013-3770 (Oracle IDoc Injection) in LobeChat versions 1.46.7 and lower. It includes HTTP request examples demonstrating path traversal and command injection techniques, along with a description of the discovery process.

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Spring Cloud Config Server by sending a crafted HTTP GET request with encoded path traversal sequences to read arbitrary files from the server.