Skip to content
/ PoShI Public

A simple Java application vulnerable to PowerShell code injection under certain conditions (e.g. when executed on japanese Windows)

Notifications You must be signed in to change notification settings

STMCyber/PoShI

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

PoShI

A simple Java application vulnerable to PowerShell code injection under certain conditions (e.g., when executed on Japanese Windows) - see article on our blog page.

Build & run

Tested with OpenJDK 11 and Windows 10.

Go to PoShI directory and execute the following commands:

javac -d ./release PoShI.java StreamHandler.java
cd release
java -cp . -Dfile.encoding=UTF-8 PoShI

Examples

curl http://localhost:8000/date
curl http://localhost:8000/date?format=dd
curl http://localhost:8000/date?format=dd.MM.yyyy

About

A simple Java application vulnerable to PowerShell code injection under certain conditions (e.g. when executed on japanese Windows)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages