Add new rce tricks

关注项目的人好像不少，更新几个 RCE 方法

Author: LandGrey

.gitignore

@@ -3,3 +3,4 @@
 
 **/target/**
 **/.idea/**
+*.iml

README.md

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.example</groupId>
+    <artifactId>springboot-restart-rce</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.2.1.RELEASE</version>
+    </parent>
+
+    <properties>
+        <java.version>1.8</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-config</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.h2database</groupId>
+            <artifactId>h2</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.codehaus.groovy</groupId>
+            <artifactId>groovy</artifactId>
+            <version>2.5.8</version>
+        </dependency>
+
+    </dependencies>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.springframework.cloud</groupId>
+                <artifactId>spring-cloud-dependencies</artifactId>
+                <version>Hoxton.SR1</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

repository/springboot-restart-rce/pom.xml

@@ -0,0 +1,11 @@
+package code.landgrey;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Application {
+    public static void main(String[] args){
+        SpringApplication.run(Application.class,args);
+    }
+}

repository/springboot-restart-rce/src/main/java/code/landgrey/Application.java

@@ -0,0 +1,16 @@
+package code.landgrey.controller;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@EnableAutoConfiguration
+public class Article {
+    @RequestMapping("/article")
+    public String hello(String id){
+        int total = 100;
+        String message = String.format("You've read %s books, and there are %d left", id, total - Integer.valueOf(id));
+        return message;
+    }
+}

repository/springboot-restart-rce/src/main/java/code/landgrey/controller/Article.java

@@ -0,0 +1,27 @@
+server.port=9098
+server.address=127.0.0.1
+
+
+# vulnerable configuration set 0: spring boot 1.0 - 1.4
+# all spring boot versions 1.0 - 1.4 expose actuators by default without any parameters
+# no configuration required to expose them
+
+# safe configuration set 0: spring boot 1.0 - 1.4
+#management.security.enabled=true
+
+# vulnerable configuration set 1: spring boot 1.5+
+# spring boot 1.5+ requires management.security.enabled=false to expose sensitive actuators
+#management.security.enabled=false
+
+# safe configuration set 1: spring boot 1.5+
+# when 'management.security.enabled=false' but all sensitive actuators explicitly disabled
+#management.security.enabled=false
+
+## vulnerable configuration set 2: spring boot 2+
+#management.security.enabled=false
+#management.endpoint.refresh.enabled=true
+management.endpoints.web.exposure.include=env,restart,refresh
+#management.endpoints.web.exposure.include=*
+management.endpoint.restart.enabled=true
+
+spring.datasource.data