## https://sploitus.com/exploit?id=B9DE4C0C-462E-5904-9D3C-0EE70F9E3258
This is a proof-of-concept (PoC) exploit for CVE-2024-38819, a high-risk path traversal vulnerability in the Spring Framework. The vulnerability allows an attacker to access sensitive files on the server by constructing a malicious HTTP request with a specially crafted path.

The PoC code is a simple Spring Boot application that demonstrates the vulnerability. It exposes a single endpoint, "/static/{path}", that takes a path parameter and returns the contents of the file at that path. The application relies on the Spring Framework's built-in path handling to resolve that parameter to a file on disk, and it is this handling that is vulnerable to path traversal.

To exploit the vulnerability, an attacker can send a request to the "/static/{path}" endpoint with a path parameter that contains a ".." sequence, which the vulnerable path handling interprets as a step up the directory tree. For example, if the vulnerable application is hosted on a server with the path "/var/www/app", an attacker can send a request to "/static/../../../../etc/passwd" to access the contents of the "/etc/passwd" file.
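The containment check below is an added example written for this page; it is neither the PoC's code nor Spring's own resource resolver, and the class name, the base directory "/var/www/app/static" and the sample request strings are all constructed for illustration. It shows the check a defender expects any file-serving handler to make: resolve the client-supplied path against the base directory, normalize away ".." segments, and refuse the request if the normalized result no longer lies inside the base. Upgrading to a fixed Spring Framework release remains the actual fix; this is defence in depth.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

/**
 * Hypothetical defence-in-depth resolver for a "/static/{path}" style handler.
 * Added example: not the PoC's code and not the Spring Framework's own logic.
 */
public final class SafeStaticResolver {
    private final Path baseDir;

    public SafeStaticResolver(Path baseDir) {
        // Canonical absolute base directory so the prefix comparison is meaningful.
        this.baseDir = baseDir.toAbsolutePath().normalize();
    }

    /**
     * Resolves the client-supplied path against baseDir and returns it only if
     * the normalized result is still inside baseDir; otherwise returns empty.
     * Run this on the fully URL-decoded path, never on the raw request string.
     */
    public Optional<Path> resolve(String requested) {
        if (requested == null || requested.isEmpty()) {
            return Optional.empty();
        }
        // A leading separator would make Path.resolve() discard baseDir entirely,
        // so treat every request as relative to the base.
        String relative = requested.startsWith("/") ? requested.substring(1) : requested;
        // Reject NUL bytes and backslashes; some platforms treat '\' as a separator
        // and a NUL can truncate the name in lower layers.
        if (relative.indexOf('\0') >= 0 || relative.indexOf('\\') >= 0) {
            return Optional.empty();
        }
        // normalize() collapses "." and ".." segments; if the result escaped the
        // base directory, the request was a traversal attempt.
        Path candidate = baseDir.resolve(relative).normalize();
        if (!candidate.startsWith(baseDir)) {
            return Optional.empty();
        }
        return Optional.of(candidate);
    }

    public static void main(String[] args) {
        SafeStaticResolver resolver = new SafeStaticResolver(Paths.get("/var/www/app/static"));
        // Constructed sample requests: the first is legitimate, the others are
        // traversal attempts of the kind the page describes.
        String[] samples = {
            "css/site.css",
            "../../../../etc/passwd",
            "a/../../secret.txt",
            "/etc/passwd",
        };
        for (String sample : samples) {
            String outcome = resolver.resolve(sample)
                    .map(Path::toString)
                    .orElse("REJECTED");
            System.out.printf("%-26s -> %s%n", sample, outcome);
        }
    }
}
```

Two caveats a practitioner should keep in mind. First, `Path.startsWith(Path)` compares whole path components, so a base of `/var/www/app/static` does not accidentally accept `/var/www/app/static2/...`, which a plain string prefix check would. Second, if the base directory may contain symbolic links, call `toRealPath()` on both the base and an existing candidate before comparing, since `normalize()` works on the textual path only and does not follow links.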

The PoC code includes a Maven project that can be built and run to demonstrate the vulnerability. The project has a single dependency on the Spring Framework, and the application is configured to use the vulnerable path handling.

The vulnerability is present in Spring Framework versions