Spring4Shell-POC : Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

Spring4Shell-POC is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it’s a simple hello world that’s based off Spring tutorials.

Requirements

Docker
Python3 + requests library

Instructions

Clone the repository
Build and run the container: docker build . -t spring4shell && docker run -p 8080:8080 spring4shell
App should now be available at http://localhost:8080/helloworld/greeting
Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"
Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)

Related

Understanding And Utilizing The Tomcat – CVE-2024-50379 Proof-of-Concept (PoC)

February 4, 2025

In "Cyber security"

CVE-2024-25600_Nuclei-Template : Unveiling Remote Code Execution In WordPress’s Bricks Plugin

February 26, 2024

In "Cyber security"

CVE-2023-6000 PoC : Detecting WordPress Plugin Vulnerabilities

March 12, 2024

In "Cyber security"

R K

Next AutoResponder : Carbon Black Response IR Tool »

Previous « CVE-Tracker : With The Help Of This Automated Script, You Will Never Lose Track Of Recently Released CVEs

Leave a Comment

Share

Published by

R K

Tags: POCSpring4Shell-POC

4 years ago

Recent Posts

How To

Bash Scripting Best Practices Every Beginner Should Know

Introduction Bash scripting is a powerful way to automate Linux tasks, but writing a script…

1 day ago

How To

How To Create A Self-Signed SSL Certificate Using Bash And OpenSSL

Introduction A self-signed SSL certificate is a certificate that is created and signed by the…

2 days ago

How To

How To Debug Bash Scripts Using bash -x And set Commands

Introduction Debugging is an important part of Bash scripting. When a script does not work…

2 days ago

How To

How To Use Cron Jobs With Bash Scripts For Automation

Introduction Cron jobs are used in Linux to run commands or Bash scripts automatically at…

2 days ago

How To

How To Use Pipes In Bash Scripts For Command Chaining

Introduction Pipes are an important feature in Linux and Bash scripting. A pipe allows you…

2 days ago

How To

How To Use grep, awk, And sed In Bash Scripts

Introduction The grep, awk, and sed commands are powerful text-processing tools in Linux. They are…

2 days ago

L