This lab was created to test PoC exploits against vulnerable, partially vulnerable and fixed versions of a Spring Boot deployment.
Tomcat: 8.5.73
Spring Boot: 2.6.3
JDK: 11
Read how to deploy lab & test results
Here I used vulnerable Spring Boot and JDK versions but a fixed Tomcat version.
Tomcat: 8.5.78
Spring Boot: 2.6.3
JDK: 11
Read how to deploy lab & test results
Here I used fixed Spring Boot and Tomcat versions and a non-vulnerable JDK version.
Tomcat: 8.5.78
Spring Boot: 2.6.6
JDK: 8
Read how to deploy lab & test results
After testing many PoCs on the lab, I found that this PoC properly detects the vulnerable deployment: it gives a 400 error response on the vulnerable lab, a 500 error response on the fixed Tomcat but vulnerable Spring Boot lab, and a 200 OK response on the lab with fixed Tomcat as well as Spring Boot.
source: https://twitter.com/hiaray115/status/1512147033309786119
host:port/path?class.module.classLoader.resources.baseUrls%5B0%5D=0
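A check script for the status behaviour described above, added here as an example (it is not part of the original labs or of the referenced PoC). It assumes Python 3 and that the chosen lab path returns 200 for a plain request; the function names and the localhost address are hypothetical, and the status meanings are only the ones reported for these three labs.

```python
import urllib.error
import urllib.parse
import urllib.request

# Probe parameter exactly as given on the page (already URL-encoded).
PROBE = "class.module.classLoader.resources.baseUrls%5B0%5D=0"

# Status-to-result mapping as reported for the three labs on this page.
VERDICTS = {
    400: "vulnerable Tomcat and Spring Boot",
    500: "fixed Tomcat, vulnerable Spring Boot",
    200: "fixed Tomcat and Spring Boot",
}


def probe_url(base_url):
    """Append the probe to base_url, keeping any query string it already has."""
    parts = urllib.parse.urlsplit(base_url)
    query = f"{parts.query}&{PROBE}" if parts.query else PROBE
    return urllib.parse.urlunsplit(parts._replace(query=query))


def status_of(url, timeout=5):
    """Return the HTTP status code, or None if the host is unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return err.code
    except OSError:  # connection refused, timeout, DNS failure
        return None


def classify(baseline_status, probe_status):
    """Interpret the probe status only if the plain request returned 200."""
    if baseline_status != 200:
        return "inconclusive: path does not return 200 without the probe"
    return VERDICTS.get(probe_status, f"inconclusive: unexpected status {probe_status}")


def check(base_url, fetch=status_of):
    """Probe one lab deployment; fetch is injectable for offline testing."""
    return classify(fetch(base_url), fetch(probe_url(base_url)))


if __name__ == "__main__":
    # Constructed address for a local lab instance; replace with your own lab.
    print(check("http://localhost:8080/"))
```

The baseline request matters because a path that already answers 400 or 500 without the parameter would otherwise be misread as one of the lab results.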
All labs use the PoC application shared by @reznok.