Spring4Shell-POC : Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit
.png)
Spring4Shell-POC is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it’s a simple hello world that’s based off Spring tutorials.
Requirements
- Docker
- Python3 + requests library
Instructions
- Clone the repository
- Build and run the container:
docker build . -t spring4shell && docker run -p 8080:8080 spring4shell - App should now be available at http://localhost:8080/helloworld/greeting
- Run the exploit.py script:
python exploit.py --url "http://localhost:8080/helloworld/greeting" - Visit the created webshell! Modify the
cmdGET parameter for your commands. (http://localhost:8080/shell.jspby default)
Recent Posts
Playwright-MCP : A Powerful Tool For Browser Automation
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev : A Tool For Jailbreak And TrollStore Development
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs : A Hands-On Security Testing Playground
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…