Kali Linux

Spring4Shell-POC : Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

Spring4Shell-POC is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it’s a simple hello world that’s based off Spring tutorials.

Requirements

  • Docker
  • Python3 + requests library

Instructions

  • Clone the repository
  • Build and run the container: docker build . -t spring4shell && docker run -p 8080:8080 spring4shell
  • App should now be available at http://localhost:8080/helloworld/greeting
  • Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"
  • Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)
Download
R K

Leave a Comment
Share
Published by
R K
Tags: POCSpring4Shell-POC
3 years ago

Recent Posts

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

2 weeks ago

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

2 weeks ago

What Does chmod 777 Mean in Linux

If you are a Linux user, you have probably seen commands like chmod 777 while…

2 weeks ago

How to Undo and Redo in Vim or Vi

Vim and Vi are among the most powerful text editors in the Linux world. They…

2 weeks ago

How to Unzip and Extract Files in Linux

Working with compressed files is a common task for any Linux user. Whether you are…

2 weeks ago

Free Email Lookup Tools and Reverse Email Search Resources

In the digital era, an email address can reveal much more than just a contact…

2 weeks ago