first commit

2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
--- a/base/spring/spring-security/5.6.3/Dockerfile
+++ b/base/spring/spring-security/5.6.3/Dockerfile
@@ -0,0 +1,14 @@
+FROM maven:3-jdk-8 AS builder
+COPY ./code/ /usr/src/
+WORKDIR /usr/src
+RUN cd /usr/src; \
+    mvn -U clean package -Dmaven.test.skip=true
+
+
+FROM openjdk:8-jdk-alpine
+COPY --from=builder /usr/src/target/com.vulhub.authzvuln-0.0.1-SNAPSHOT.jar /demo.jar
+
+EXPOSE 8080
+
+CMD ["java", "-jar", "/demo.jar"]
+
--- a/base/spring/spring-security/5.6.3/code/.gitignore
+++ b/base/spring/spring-security/5.6.3/code/.gitignore
@@ -0,0 +1,57 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+### Java template
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
--- a/base/spring/spring-security/5.6.3/code/pom.xml
+++ b/base/spring/spring-security/5.6.3/code/pom.xml
@@ -0,0 +1,64 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+     <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.7.0</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+  <groupId>com.vulhub.authzvuln</groupId>
+  <artifactId>com.vulhub.authzvuln</artifactId>
+  <version>0.0.1-SNAPSHOT</version>
+  <name>CVE-2022-22978</name>
+  <description>CVE-2022-22978</description>
+      <properties>
+        <java.version>1.8</java.version>
+        <spring-security.version>5.6.3</spring-security.version>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-tomcat</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <configuration><!--
+                    <jvmArguments>
+                        -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8989
+                    </jvmArguments>-->
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <testFailureIgnore>true</testFailureIgnore>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>
--- a/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/App.java
+++ b/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/App.java
@@ -0,0 +1,12 @@
+package com.vulhub.authzvuln;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication(scanBasePackages = { "com.vulhub" })
+public class App {
+
+	public static void main(String[] args) {
+		SpringApplication.run(App.class, args);
+	}
+}
--- a/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/DemoController.java
+++ b/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/DemoController.java
@@ -0,0 +1,18 @@
+package com.vulhub.authzvuln;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+
+@Controller
+public class DemoController {
+    @GetMapping("/admin/*")
+    public String Admin(){
+        return "admin";
+    }
+
+    @GetMapping("/")
+    public String User(){
+        return "index";
+    }
+}
--- a/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/MyErrorController.java
+++ b/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/MyErrorController.java
@@ -0,0 +1,28 @@
+package com.vulhub.authzvuln;
+
+
+import org.springframework.stereotype.Controller;
+import org.springframework.boot.web.servlet.error.ErrorController;
+import org.springframework.web.bind.annotation.RequestMapping;
+import javax.servlet.http.HttpServletRequest;
+import org.springframework.http.HttpStatus;
+import javax.servlet.RequestDispatcher;
+
+
+@Controller
+public class MyErrorController implements ErrorController  {
+
+@RequestMapping("/error")
+public String handleError(HttpServletRequest request) {
+	    Object status = request.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
+	    
+	    if (status != null) {
+	        Integer statusCode = Integer.valueOf(status.toString());
+	    
+	        if(statusCode == HttpStatus.FORBIDDEN.value()) {
+	            return "error-403";
+	        }
+	    }
+	    return "error";
+    }
+}
--- a/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/ServletInit.java
+++ b/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/ServletInit.java
@@ -0,0 +1,15 @@
+package com.vulhub.authzvuln;
+
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.annotation.ComponentScan;
+
+@ComponentScan(basePackages = {"com.vulhub.authzvuln"})
+public class ServletInit extends SpringBootServletInitializer {
+
+    @Override
+    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
+        return application.sources(App.class);
+    }
+
+}
--- a/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/SpringSecurityConfig.java
+++ b/base/spring/spring-security/5.6.3/code/src/main/java/com/vulhub/authzvuln/SpringSecurityConfig.java
@@ -0,0 +1,16 @@
+package com.vulhub.authzvuln;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity httpSecurity) throws Exception{
+        httpSecurity.authorizeRequests().regexMatchers("/admin/.*").authenticated();
+    }
+}
--- a/base/spring/spring-security/5.6.3/code/src/main/resources/templates/admin.html
+++ b/base/spring/spring-security/5.6.3/code/src/main/resources/templates/admin.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Admin Page</title>
+</head>
+<body>
+Congratulations, you are an admin!
+</body>
+</html>
--- a/base/spring/spring-security/5.6.3/code/src/main/resources/templates/error-403.html
+++ b/base/spring/spring-security/5.6.3/code/src/main/resources/templates/error-403.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>CVE-2022-22978</title>
+</head>
+<body>
+Forbidden / Access denied
+</body>
+</html>
--- a/base/spring/spring-security/5.6.3/code/src/main/resources/templates/error.html
+++ b/base/spring/spring-security/5.6.3/code/src/main/resources/templates/error.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>CVE-2022-22978</title>
+</head>
+<body>
+ERROR sorry...
+</body>
+</html>
--- a/base/spring/spring-security/5.6.3/code/src/main/resources/templates/index.html
+++ b/base/spring/spring-security/5.6.3/code/src/main/resources/templates/index.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>CVE-2022-22978</title>
+</head>
+<body>
+    CVE-2022-22978 Demo via Spring security 5.6.3<br/>
+    
+Admin page: <a href="/admin/index">/admin/</a><br/>
+    
+Payload: /admin/index%0a
+
+</body>
+</html>