Spring4Shell-POC : Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

Spring4Shell-POC is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it’s a simple hello world that’s based off Spring tutorials.

Requirements

Docker
Python3 + requests library

Instructions

Clone the repository
Build and run the container: docker build . -t spring4shell && docker run -p 8080:8080 spring4shell
App should now be available at http://localhost:8080/helloworld/greeting
Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"
Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)

Related

Understanding And Utilizing The Tomcat – CVE-2024-50379 Proof-of-Concept (PoC)

February 4, 2025

In "Cyber security"

CVE-2024-25600_Nuclei-Template : Unveiling Remote Code Execution In WordPress’s Bricks Plugin

February 26, 2024

In "Cyber security"

CVE-2023-6000 PoC : Detecting WordPress Plugin Vulnerabilities

March 12, 2024

In "Cyber security"

R K

Next AutoResponder : Carbon Black Response IR Tool »

Previous « CVE-Tracker : With The Help Of This Automated Script, You Will Never Lose Track Of Recently Released CVEs

Leave a Comment

Share

Published by

R K

Tags: POCSpring4Shell-POC

4 years ago

Recent Posts

Cyber security

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

2 weeks ago

TECH

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

3 weeks ago

TECH

The Evolution of Online Finance Tools In a Tech-Driven World

In an era defined by technological innovation, the way people handle and understand money has…

3 weeks ago

OSINT

A Complete Guide to Lenso.ai and Its Reverse Image Search Capabilities

The online world becomes more visually driven with every passing year. Images spread across websites,…

3 weeks ago

Cyber security

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

2 months ago

Linux

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

2 months ago

L