Home Kali Linux Spring4Shell-POC : Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

Kali Linux

Spring4Shell-POC : Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

June 22, 2022

Spring4Shell-POC is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it’s a simple hello world that’s based off Spring tutorials.

Requirements

Docker
Python3 + requests library

Instructions

Clone the repository
Build and run the container: docker build . -t spring4shell && docker run -p 8080:8080 spring4shell
App should now be available at http://localhost:8080/helloworld/greeting
Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"
Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)

Download

Spring4Shell-POC : Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

Requirements

Instructions

LEAVE A REPLY Cancel reply

APPLICATIONS

Contributing Your Work – A Guide To Submitting Exploits On GitHub

Threagile : Agile Threat Modeling Toolkit

How to Install and Run Rust on Linux

TiEtwAgent : PoC Memory Injection Detection Agent Based On ETW, For Offensive And Defensive...

HOT NEWS

Git All The Payloads! A Collection Of Web Attack Payloads

EVEN MORE NEWS

GPOHunter – Active Directory Group Policy Security Analyzer

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With...

SecHub : Streamlining Security Across Software Development Lifecycles

POPULAR CATEGORY

Bad-PDF To Steal NTLM Hashes From Windows Machines

UBoat – A POC HTTP Botnet Project

Ronin : A Ruby Platform For Vulnerability Research & Exploit Development