first commit

base/spring/with-jackson/2.8.8/.gitignore

@@ -0,0 +1,53 @@
+mvnw
+mvnw.cmd
+.mvn
+/target/
+!.mvn/wrapper/maven-wrapper.jar
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/build/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+### Java template
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+

base/spring/with-jackson/2.8.8/Dockerfile

@@ -0,0 +1,20 @@
+FROM maven:3-jdk-7 AS builder
+
+LABEL MAINTAINER="phithon <root@leavesongs.com>"
+
+COPY ./ /usr/src/
+
+WORKDIR /usr/src
+
+RUN cd /usr/src; \
+    mvn -U clean package -Dmaven.test.skip=true
+
+FROM vulhub/java:7u21-jdk
+
+LABEL MAINTAINER="b1ngz <blinking.yan@gmail.com>"
+
+COPY --from=builder /usr/src/target/jackson.jar /jackson.jar
+
+EXPOSE 8080
+
+CMD ["java", "-jar", "/jackson.jar"]

base/spring/with-jackson/2.8.8/pom.xml

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.b1ngz.sec</groupId>
+    <artifactId>jackson-vul</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <packaging>jar</packaging>
+
+    <name>jackson-vul</name>
+    <description>Jackson CVE-2017-7525 / CVE-2017-17485 for vulhub</description>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>1.5.12.RELEASE</version>
+    </parent>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+        <java.version>1.7</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.8.8</version>
+        </dependency>
+
+        <!-- https://mvnrepository.com/artifact/org.javassist/javassist -->
+        <dependency>
+            <groupId>org.javassist</groupId>
+            <artifactId>javassist</artifactId>
+            <version>3.22.0-GA</version>
+            <scope>test</scope>
+        </dependency>
+
+        <!-- https://mvnrepository.com/artifact/commons-codec/commons-codec -->
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.11</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <configuration>
+                    <finalName>jackson</finalName>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

base/spring/with-jackson/2.8.8/src/main/java/com/b1ngz/sec/JacksonApplication.java

@@ -0,0 +1,23 @@
+package com.b1ngz.sec;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+
+@SpringBootApplication
+public class JacksonApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(JacksonApplication.class, args);
+    }
+
+    @Bean
+    public ObjectMapper objectMapper() {
+        ObjectMapper mapper = new ObjectMapper();
+        // enable Polymorphic Deserialization, one of
+        mapper.enableDefaultTyping();
+        // mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
+        return mapper;
+    }
+}

base/spring/with-jackson/2.8.8/src/main/java/com/b1ngz/sec/controller/JacksonController.java

@@ -0,0 +1,26 @@
+package com.b1ngz.sec.controller;
+
+import com.b1ngz.sec.model.Target;
+import com.b1ngz.sec.util.ResourceUtils;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Created by b1ngz on 2018/9/8.
+ */
+@RestController
+public class JacksonController {
+
+    @PostMapping(value = "exploit", consumes = "application/json")
+    public String test(@RequestBody Target target) throws Exception {
+        return target.toString();
+    }
+
+    @GetMapping(value = "spel.xml")
+    public String getSpelXml() throws Exception {
+        return ResourceUtils.readResourceFileAsStr("/spel.xml");
+    }
+
+}

base/spring/with-jackson/2.8.8/src/main/java/com/b1ngz/sec/model/Target.java

@@ -0,0 +1,16 @@
+package com.b1ngz.sec.model;
+
+/**
+ * Created by b1ngz on 2018/9/8.
+ */
+public class Target {
+    private Object param;
+
+    public Object getParam() {
+        return param;
+    }
+
+    public void setParam(Object param) {
+        this.param = param;
+    }
+}

base/spring/with-jackson/2.8.8/src/main/java/com/b1ngz/sec/util/ResourceUtils.java

@@ -0,0 +1,22 @@
+package com.b1ngz.sec.util;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+/**
+ * Created by b1ngz on 2018/9/9.
+ */
+public class ResourceUtils {
+
+    public static String readResourceFileAsStr(String filename) throws IOException {
+        BufferedReader br = new BufferedReader(new InputStreamReader(ResourceUtils.class.getResourceAsStream(filename)));
+        String line;
+        StringBuilder sb = new StringBuilder();
+        while ((line = br.readLine()) != null) {
+            sb.append(line);
+        }
+
+        return sb.toString();
+    }
+}