Skip to content
/ PoShI Public

A simple Java application vulnerable to PowerShell code injection under certain conditions (e.g. when executed on japanese Windows)

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

STMCyber/PoShI

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

.gitignore

.gitignore

 
 

PoShI.java

PoShI.java

 
 

README.md

README.md

 
 

StreamHandler.java

StreamHandler.java

 
 

Repository files navigation

PoShI

A simple Java application vulnerable to PowerShell code injection under certain conditions (e.g., when executed on Japanese Windows) - see article on our blog page.

Build & run

Tested with OpenJDK 11 and Windows 10.

Go to PoShI directory and execute the following commands:

javac -d ./release PoShI.java StreamHandler.java
cd release
java -cp . -Dfile.encoding=UTF-8 PoShI

Examples

curl http://localhost:8000/date
curl http://localhost:8000/date?format=dd
curl http://localhost:8000/date?format=dd.MM.yyyy

About

A simple Java application vulnerable to PowerShell code injection under certain conditions (e.g. when executed on japanese Windows)

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages