This is a simple Spring MVC 5.x application project built with Maven, incorporating dependencies such as Bootstrap, J2EE and the Spring Security module. It was originally built for an interview coding assignment, even though the author did not eventually work for that company. The full source code is released under the GNU GPL v3.
P.S. The project is misnamed CRMMVC; it should be CMSMVC, but it was too late to change :)
This repository has been forked and configured to demonstrate two Java EE based vulnerabilities:
- Log4j:
  - Log4j dependency added to pom.xml using vulnerable version 2.14.1.
  - Vulnerable code injected into the `/login2` route in LoginController.java.
  - Docker container using Tomcat 8.x on the Java 8 image `tomcat:8.0.36-jre8`.
- Spring Framework:
  - Spring Security filtering disabled in web.xml.
  - Spring Framework downgraded to vulnerable version 5.3.17 in pom.xml.
  - Docker container using Tomcat 9.x on the Java 11 image `tomcat-9.0.59-jdk11`.
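As an added defensive check (example code written for this README, not part of the original project), the script below parses a pom.xml and a web.xml and reports the weak settings the list above describes: a log4j-core or Spring Framework dependency below an assumed patched floor, and a web.xml with no springSecurityFilterChain mapping. The sample pom.xml and web.xml are constructed stand-ins, the property names and functions are the example's own, and the minimum patched versions in MIN_SAFE are assumptions chosen for the example rather than values from the page.

```python
"""Audit a Maven web project for the weak settings this README lists."""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed sample files: minimal stand-ins with the same weak settings
# the README describes, NOT the repository's own pom.xml / web.xml.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>CRMMVC</artifactId>
  <version>1.0</version>
  <properties>
    <spring.version>5.3.17</spring.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
      <version>2.14.1</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${spring.version}</version>
    </dependency>
  </dependencies>
</project>
"""

# The security filter is present but commented out, i.e. disabled.
SAMPLE_WEB_XML = """<?xml version="1.0"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <!--
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  -->
</web-app>
"""

# Minimum versions this audit treats as patched. These floors are an
# assumption made for the example; the README only names the vulnerable ones.
MIN_SAFE: Dict[Tuple[str, str], Tuple[int, ...]] = {
    ("org.apache.logging.log4j", "log4j-core"): (2, 17, 1),
    ("org.springframework", "spring-core"): (5, 3, 18),
    ("org.springframework", "spring-beans"): (5, 3, 18),
    ("org.springframework", "spring-webmvc"): (5, 3, 18),
}


def strip_ns(tag: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]


def child_text(el: ET.Element, name: str) -> str:
    for c in el:
        if strip_ns(c.tag) == name:
            return (c.text or "").strip()
    return ""


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1); non-numeric suffixes such as '-rc1' are cut off."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def resolve(value: str, props: Dict[str, str]) -> str:
    """Expand ${property} references using the POM's <properties> block."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def audit_pom(pom_xml: str) -> List[Tuple[str, str, str]]:
    """Return (coordinate, declared version, assumed floor) for each weak dependency."""
    root = ET.fromstring(pom_xml)
    props: Dict[str, str] = {}
    for block in root:
        if strip_ns(block.tag) == "properties":
            for p in block:
                props[strip_ns(p.tag)] = (p.text or "").strip()
    findings = []
    for block in root:
        if strip_ns(block.tag) != "dependencies":
            continue
        for dep in block:
            key = (child_text(dep, "groupId"), child_text(dep, "artifactId"))
            floor = MIN_SAFE.get(key)
            if floor is None:
                continue
            coord = f"{key[0]}:{key[1]}"
            floor_str = ".".join(map(str, floor))
            version = resolve(child_text(dep, "version"), props)
            if not version or "${" in version:
                # Version comes from a parent/BOM we cannot see: flag for review.
                findings.append((coord, version or "(inherited)", floor_str))
            elif parse_version(version) < floor:
                findings.append((coord, version, floor_str))
    return findings


def security_filter_active(web_xml: str) -> bool:
    """True only if springSecurityFilterChain has a live <filter-mapping>."""
    root = ET.fromstring(web_xml)  # XML comments are discarded by the parser
    mapped = {child_text(fm, "filter-name") for fm in root if strip_ns(fm.tag) == "filter-mapping"}
    return "springSecurityFilterChain" in mapped


def report(pom_xml: str, web_xml: str) -> List[str]:
    lines = [f"{coord} {ver} is below the assumed patched floor {floor}"
             for coord, ver, floor in audit_pom(pom_xml)]
    if not security_filter_active(web_xml):
        lines.append("web.xml: springSecurityFilterChain is not mapped; Spring Security filtering is disabled")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_POM, SAMPLE_WEB_XML):
        print(line)
```

Running it on the constructed samples prints three findings (the two downgraded dependencies and the missing filter mapping); pointing `report()` at a real project's files is a quick way to confirm a fork has been restored to patched versions before it is deployed anywhere reachable.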
We use Vagrant to provision two VirtualBox virtual machines, an attacker and a victim server, for the purpose of this POC. Internally, the server VM uses Docker to spin up containers that bind to the respective ports on the server host.
- In a terminal, change directory to `environment/`.
- Ensure Vagrant and VirtualBox are installed (see https://www.vagrantup.com/downloads).
- Run `vagrant up` in the terminal.

```shell
$ cd ~/crmmvc/environment/
$ vagrant up
```
- Connect to MySQL Server 8.x or MariaDB in MySQL Workbench using the DBAdmin user database credentials located in db/db.env.
- Under the Navigator panel, select the Management tab, then Data Import/Restore.
- Under Import from Self-Contained File, locate Database.sql inside the `db/` directory.
- Under the Default Schema to be Imported To section, click New to create a new schema.
- Ensure 'Dump Structure and Data' is selected, then click Start Import.
- Using IntelliJ IDEA Ultimate (can be activated using an Academic Licence):
  - Open the Spring MVC source project in the IntelliJ IDEA Ultimate IDE.
  - Open src/main/resources/application.properties in the source project.
  - Ensure the database credentials jdbc.url, jdbc.username and jdbc.password are correct. Save any changes.
  - Open the Maven tab on the right-hand side of the IDE and go to `CRMMVC Maven Webapp` > `Lifecycle` > `package`.
  - CRMMVC.war should appear under the `target/` directory of the project root.
- Using Maven:
  - Ensure Maven is installed on the system and added to the system PATH (refer to https://maven.apache.org/install.html).
  - In the terminal, change the working directory to the project root.
  - Run Maven to clean and package the project into a web archive. CRMMVC.war should appear under the `target/` directory of the project root.

```shell
$ cd ~/crmmvc/
$ mvn clean package
```
- Set up a Tomcat 9.x installation by downloading and unzipping the archive from https://tomcat.apache.org/download-90.cgi. Ensure JRE > 8.x is installed.
- In IntelliJ, go to `Run` > `Edit Configurations`.
- In the `Run/Debug Configurations` dialog, click `+` and select `Tomcat Server` > `Local`.
- In the Server tab, click the `Configure` button beside `Application Server`.
- In the Application Server dialog, click `+`. Ensure Tomcat Home and Tomcat base directory point to the unzipped Tomcat installation (e.g. /usr/share/tomcat9/). Click OK.
- In `Run/Debug Configurations`, go to the Deployment tab and click `+`. Select the artifact `CRMMVC.WAR`. Specify the `Application Context` (e.g. /CRMMVC), then click OK.
- Go to `Run` > `Run...` or press Shift+F10 to run the project in the Tomcat server.
- Ensure Docker is installed on the system. See https://docs.docker.com/get-docker/ for details.
- In the terminal, change the working directory to the project root, then run Docker Compose.

```shell
$ cd ~/crmmvc/
$ docker-compose up --build
```

- Copy target/CRMMVC.war to <your tomcat directory>/webapps/ of your Tomcat server installation. Restart the Tomcat server if necessary.
- Open a web browser and access the URL http://:8080/CRMMVC/.