Giters

devengpk / CVE-2022-22965

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Spring4Shell-PoC Application

This application has been containerized and is susceptible to the Spring4Shell flaw (CVE-2022-22965). The war's complete Java source is available and changeable; it may be rebuilt each time the docker image is created. Tomcat will then start loading the created WAR. This application is a straightforward hello world that is based on Spring tutorials. It has nothing exceptional to offer.

Requirements

  1. Docker
  2. Python3 + requests library

Instructions

  1. Clone the repository
  2. Build and run the container: docker build . -t spring4shell && docker run -p 8080:8080 spring4shell
  3. App should now be available at http://localhost:8080/helloworld/greeting
  4. Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"
  5. Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)

Document is added explaining full exploit detail.

About

Languages

Language:Python 63.7%Language:Java 25.0%Language:Dockerfile 8.5%Language:HTML 2.8%