SPEL

SpelController.java
package com.example.controller;

import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SpelController {
    @GetMapping("/spel")
    public String spelInjection(@RequestParam String input) {
        ExpressionParser expressionParser = new SpelExpressionParser();
        Expression expression = expressionParser.parseExpression(input);
        Object object = expression.getValue();
        return object.toString();
    }
}

payload

image-20230313175505864

修复代码

image-20230313180546747
上一页Log4j2下一页SQL注入

最后更新于

这有帮助吗?