CVE-2022-22965

2022.04.02 16:44

优化了POC，不再是一次性验证 Optimized POC, no longer a one-time validation

警告：此程序会破坏日志信息的完整性，请备份服务器数据！仅在在拥有服务器渗透测试授权的情况下使用！

Warning: This program will destroy log information integrity, please back up server data! Use only if you have server penetration test authorization!

pocsuite -r CVE-2022-22965_POC_EXP.py -u url

如下图，程序会自动生成一个随机的jsp网页，会随机生成jsp密码，修改jsp中cmd传入的参数，可以实现命令自由

As shown below, the program will automatically generate a random JSP page, will randomly generate JSP password, modify the parameters of CMD in JSP, can achieve command freedom

免责声明

此工具仅用于学习、研究和自查。不应将其用于非法目的。使用本工具产生的一切风险与我无关！

Disclaimer

This tool is for study, research, and self-examination only. It should not be used for illegal purposes. All risks arising from the use of this tool have nothing to do with me!

Wrin9 / CVE-2022-22965