Kali Linux

Spring4Shell-POC : Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

Spring4Shell-POC is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it’s a simple hello world that’s based off Spring tutorials.

Requirements

  • Docker
  • Python3 + requests library

Instructions

  • Clone the repository
  • Build and run the container: docker build . -t spring4shell && docker run -p 8080:8080 spring4shell
  • App should now be available at http://localhost:8080/helloworld/greeting
  • Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"
  • Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)
R K

Recent Posts

Install Mono on Ubuntu 18.04: C# Compiler and Runtime Guide

Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…

7 hours ago

Install OpenCV on Ubuntu 18.04: Step-by-Step Setup Guide

Computer vision technology powers many modern applications, from image editors to facial scanners. OpenCV (Open Source Computer…

8 hours ago

Install VNC on Ubuntu 18.04: Step-by-Step TigerVNC Setup

A remote desktop interface makes it easy to manage a remote computer. VNC (Virtual Network Computing) is…

8 hours ago

Install Gitea on Ubuntu 18.04: Self-Hosted Git Service Guide

Hosting your own code repositories is a great way to keep your projects private. Gitea is a…

8 hours ago

Install Java on Ubuntu 18.04: OpenJDK 11 and OpenJDK 8

Many modern programs require Java to run. From development tools like Eclipse to search systems…

8 hours ago

Configure a Static IP Address on Ubuntu 18.04: Netplan Guide

Setting a static IP address on your server is a smart move. It ensures your…

1 day ago