Spring4Shell-PoC Application

This application has been containerized and is susceptible to the Spring4Shell flaw (CVE-2022-22965). The war's complete Java source is available and changeable; it may be rebuilt each time the docker image is created. Tomcat will then start loading the created WAR. This application is a straightforward hello world that is based on Spring tutorials. It has nothing exceptional to offer.

Requirements

Docker
Python3 + requests library

Instructions

Clone the repository
Build and run the container: docker build . -t spring4shell && docker run -p 8080:8080 spring4shell
App should now be available at http://localhost:8080/helloworld/greeting
Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"
Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)

Document is added explaining full exploit detail.

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
src		src
.gitignore		.gitignore
CVE-2022-22965-Spring4Shell.pdf		CVE-2022-22965-Spring4Shell.pdf
CVE-2022-22965.mp4		CVE-2022-22965.mp4
Dockerfile		Dockerfile
README.md		README.md
exploit.py		exploit.py
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Spring4Shell-PoC Application

Requirements

Instructions

About

Releases

Packages

Languages

devengpk/CVE-2022-22965

Folders and files

Latest commit

History

Repository files navigation

Spring4Shell-PoC Application

Requirements

Instructions

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages