Created
March 25, 2021 12:22
-
-
Save artem-smotrakov/5ea4d67c9ee5ecb51cbfc591a383df89 to your computer and use it in GitHub Desktop.
An example of a vulnerable HTTP endpoint based on HttpInvokerServiceExporter (CVE-2016-1000027)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <beans xmlns="http://www.springframework.org/schema/beans" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xmlns:context="http://www.springframework.org/schema/context" | |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd | |
| http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> | |
| <bean id="accountService" class="com.gypsyengineer.server.AccountServiceImpl"/> | |
| <bean name="/account" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter"> | |
| <property name="service" ref="accountService"/> | |
| <property name="serviceInterface" value="com.gypsyengineer.api.AccountService"/> | |
| </bean> | |
| </beans> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment