Beware of the Magic SpEL(L) – Part 1 (CVE-2018-1273)
https://updatesinfosec.blogspot.com/2018/05/beware-of-magic-spell-part-1-cve-2018.html
In Summary:
An idea is nothing until it is put into action. When performing extensive code review, the creation of a proof of concept can sometimes be difficult. Luckily, it was not the case for this vulnerability. The first step was obviously constructing a vulnerable environment. We reused an example project located in the spring-data-examples repository. The web project used an interface as a form which is required to reach this specific mapper. [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2wI6VYn
