Hacker News

I'll ask my engineers to post the one he wrote. He did put more details into the article, so go check that. Here is a repo with a POC though: https://github.com/TheGejr/SpringShell



That’s not really a POC though. That’s not a Spring Application I can run and reproduce on. That’s just a py script.


The PDF in the repo contains a simple Java sample that should be straightforward to build and run.


Yeah it doesn't work with a default Spring MVC project from start.spring.io on JDK 18. It's hardly a proof of concept without any configuration details of the spring project. Security researchers need to do better than this.


Check the post again. We made a repo with a full end-to-end vulnerable app and POC.



