CTF
/
path-normalization-bypasses
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added Spring Boot example

This commit is contained in:
dub-flow 2024-05-16 13:56:57 +02:00
parent 587fbd1a06
commit 8a87426f05
8 changed files with 128 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -14,7 +14,7 @@ This repository contains different scenarios for bypassing 403s leverage path no
### Flask ### Flask
* Flask removes the characters `\x85`, `\xA0`, `\x1F`, `\x1E`, `\x1D`, `\x1C`, `\x0C`, `\x0B`, and `\x09` from the URL path, but Nginx doesn't (note that it massively depends on the version of Nginx - newer version remove different characters) * Flask removes the characters `\x85`, `\xA0`, `\x1F`, `\x1E`, `\x1D`, `\x1C`, `\x0C`, `\x0B`, and `\x09` from the URL path, but Nginx doesn't (note that it massively depends on the version of Nginx - newer version remove different characters)
* On `nginx@1.25.5`, the following two still aren't removed: * On `nginx@1.25.5`, the following two are still working:
- `\x85` - `\x85`
- `\xa0` - `\xa0`
* Bypass: Visit `GET /admin\x85` or `GET /admin\xa0` (note that you actually need to send the hex character, not e.g. the string `\x85`) * Bypass: Visit `GET /admin\x85` or `GET /admin\xa0` (note that you actually need to send the hex character, not e.g. the string `\x85`)

4
java-spring-boot/.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
target
.DS_Store
.idea
.vscode

28
java-spring-boot/Dockerfile Normal file
View File

@ -0,0 +1,28 @@
# Use the official Maven image to create a build artifact.
# This uses Maven and OpenJDK 17, adjusted to match your project requirements
FROM maven:3.8.4-openjdk-17-slim AS build
# Copy the pom.xml file and download all dependencies.
COPY pom.xml /home/app/pom.xml
RUN mvn -f /home/app/pom.xml dependency:resolve
# Copy the project source
COPY src /home/app/src
# Build the application
RUN mvn -f /home/app/pom.xml clean package
# Use the official OpenJDK image for a base image.
FROM openjdk:17.0.1-jdk-slim
# Copy the jar file from the build stage into the /opt/app directory
COPY --from=build /home/app/target/some-test-0.0.1-SNAPSHOT.jar /opt/app/app.jar
# Set the working directory to /opt/app
WORKDIR /opt/app
# Expose the port the app runs on
EXPOSE 5000
# Set the container to execute the application on start
ENTRYPOINT ["java","-jar","app.jar"]

26
java-spring-boot/docker-compose.yml Normal file
View File

@ -0,0 +1,26 @@
version: '3.8'
services:
app:
build: .
container_name: springboot_app
ports:
- "5000:5000"
networks:
- app-network
nginx:
image: nginx:alpine
container_name: nginx_reverse_proxy
ports:
- "80:80"
volumes:
- ../nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- app
networks:
- app-network
networks:
app-network:
driver: bridge

39
java-spring-boot/pom.xml Normal file
View File

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.5</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>some-test</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>some-test</name>
<description>Demo project for Spring Boot</description>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>

17
java-spring-boot/src/main/java/com/example/my/tests/HomeController.java Normal file
View File

@ -0,0 +1,17 @@
package com.example.my.tests;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.RequestMapping;
@RestController
public class HomeController {
@RequestMapping("/")
public String index() {
return "Greetings from Spring Boot!";
}
@RequestMapping("/admin")
public String admin() {
return "Spring Boot Admin Area!";
}
}

12
java-spring-boot/src/main/java/com/example/my/tests/TestApplication.java Normal file
View File

@ -0,0 +1,12 @@
package com.example.my.tests;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class TestApplication {
public static void main(String[] args) {
SpringApplication.run(TestApplication.class, args);
}
}

1
java-spring-boot/src/main/resources/application.properties Normal file
View File

@ -0,0 +1 @@
server.port=5000