{"id":308,"date":"2020-03-17T00:15:45","date_gmt":"2020-03-16T16:15:45","guid":{"rendered":"https:\/\/blog.73007300.xyz\/?p=308"},"modified":"2020-03-17T01:04:52","modified_gmt":"2020-03-16T17:04:52","slug":"spring-cloud-config-serve%e7%9b%ae%e5%bd%95%e9%81%8d%e5%8e%86%e6%bc%8f%e6%b4%9e%ef%bc%88cve-2020-5405%ef%bc%89%e5%88%86%e6%9e%90","status":"publish","type":"post","link":"https:\/\/blog.73007300.xyz\/?p=308","title":{"rendered":"Spring Cloud Config Server directory traversal vulnerability (CVE-2020-5405) analysis"},"content":{"rendered":"\n<p>Set up the environment following <a href=\"https:\/\/www.baeldung.com\/spring-cloud-configuration\">https:\/\/www.baeldung.com\/spring-cloud-configuration<\/a>, changing the dependencies in pom.xml to:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;dependencies>\n    &lt;dependency>\n        &lt;groupId>org.springframework.cloud&lt;\/groupId>\n        &lt;artifactId>spring-cloud-config-server&lt;\/artifactId>\n        &lt;version>2.2.0.RELEASE&lt;\/version>\n    &lt;\/dependency>\n\n    &lt;dependency>\n        &lt;groupId>org.springframework.boot&lt;\/groupId>\n        &lt;artifactId>spring-boot-starter-web&lt;\/artifactId>\n        &lt;version>2.2.1.RELEASE&lt;\/version>\n    &lt;\/dependency>\n&lt;\/dependencies><\/code><\/pre>\n\n\n\n<p>Start the project. As the article describes, the request paths have the following formats:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/{application}\/{profile}[\/{label}]\n\/{application}-{profile}.yml\n\/{label}\/{application}-{profile}.yml\n\/{application}-{profile}.properties\n\/{label}\/{application}-{profile}.properties<\/code><\/pre>\n\n\n\n<p>label is the git branch<\/p>\n\n\n\n<p>application is the application name<\/p>\n\n\n\n<p>profile 
is the profile the application is currently using<br>With a normal request, any file under the git repository can be read<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1125\" height=\"256\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-7.png\" alt=\"\" class=\"wp-image-310\"\/><\/figure>\n\n\n\n<p>The problem lies in {label}.<\/p>\n\n\n\n<p>First, the PoC:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>GET \/config-client\/development\/master(_)..(_)..(_)..(_)..(_)..(_)..(_)\/etc\/resolv.conf HTTP\/1.1\nHost: kali-xps:8888\nUser-Agent: Mozilla\/5.0 (X11; Linux x86_64; rv:68.0) Gecko\/20100101 Firefox\/68.0\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nConnection: close\nCookie: hibext_instdsigdipv2=1\nUpgrade-Insecure-Requests: 1<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1191\" height=\"266\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-8.png\" alt=\"\" class=\"wp-image-311\"\/><\/figure>\n\n\n\n<p>From the patch <a href=\"https:\/\/github.com\/spring-cloud\/spring-cloud-config\/commit\/651f458919c40ef9a5e93e7d76bf98575910fad0\">https:\/\/github.com\/spring-cloud\/spring-cloud-config\/commit\/651f458919c40ef9a5e93e7d76bf98575910fad0<\/a> we locate the code to examine: set a breakpoint in spring-cloud-config-server\/src\/main\/java\/org\/springframework\/cloud\/config\/server\/resource\/ResourceController.java, start debugging, and send the payload:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1473\" height=\"462\" 
src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-9.png\" alt=\"\" class=\"wp-image-312\"\/><figcaption>Using the \/ characters in the URI as boundaries, application, profile and label are each extracted.<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1424\" height=\"452\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-10.png\" alt=\"\" class=\"wp-image-313\"\/><figcaption>The resolveLabel() method replaces (_) in the label with \/<\/figcaption><\/figure>\n\n\n\n<p>Stepping into the resolveLabel() method:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"706\" height=\"151\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-11.png\" alt=\"\" class=\"wp-image-314\"\/><figcaption>It only checks that the label is non-null and contains (_), then replaces (_) with \/<\/figcaption><\/figure>\n\n\n\n<p>So when traversing directories, the label part must not itself contain a \/; otherwise everything to the right of that \/ is treated as the file inside the git repository.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1325\" height=\"433\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-12.png\" alt=\"\" class=\"wp-image-315\"\/><figcaption>Everything after the first \/ to the right of the label goes into path.<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1566\" height=\"428\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-13.png\" alt=\"\" class=\"wp-image-316\"\/><figcaption>Via application and profile 
the repository location is obtained; the converted label is then simply appended to it, followed by a \/<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1647\" height=\"421\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-14.png\" alt=\"\" class=\"wp-image-317\"\/><figcaption>After concatenation<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1646\" height=\"409\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-15.png\" alt=\"\" class=\"wp-image-318\"\/><figcaption>It then tries several more concatenations, going through every possible combination, for example appending -development.conf to the file name and checking whether that exists<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1656\" height=\"469\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-16.png\" alt=\"\" class=\"wp-image-319\"\/><figcaption>That no longer matters, though: the file targeted by our constructed PoC exists<\/figcaption><\/figure>\n\n\n\n<p>The file exists, so the loop exits.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1639\" height=\"462\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-17.png\" alt=\"\" class=\"wp-image-320\"\/><figcaption>The file path stored in the resource variable<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1618\" height=\"494\" 
src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-18.png\" alt=\"\" class=\"wp-image-321\"\/><figcaption>First the file content is read<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1629\" height=\"470\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-19.png\" alt=\"\" class=\"wp-image-322\"\/><figcaption>But below, it checks whether the file has an extension; if the file has no extension<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1241\" height=\"511\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-20.png\" alt=\"\" class=\"wp-image-323\"\/><figcaption>then even though the file was read, the position of the \".\" in the file name cannot be found and an empty result is returned<\/figcaption><\/figure>\n\n\n\n<p>So this vulnerability can only read files that have a file extension.<\/p>\n\n\n\n<p>The patch adds an isInvalidEncodedLocation() method:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"649\" height=\"635\" src=\"https:\/\/blog.73007300.xyz\/wp-content\/uploads\/2020\/03\/image-21.png\" alt=\"\" class=\"wp-image-325\"\/><figcaption>It checks whether the path contains \"..\"<\/figcaption><\/figure>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,2],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/posts\/308"}],"collection":[{"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=308"}],"version-history":[{"count":3,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/posts\/308\/revisions"}],"predecessor-version":[{"id":327,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=\/wp\/v2\/posts\/308\/revisions\/327"}],"wp:attachment":[{"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.73007300.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}