Skip to content

Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit

Notifications You must be signed in to change notification settings

reznok/Spring4Shell-POC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Spring4Shell PoC Application

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it's a simple hello world that's based off Spring tutorials.

Details: https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities

Having issues with the POC? Check out the LunaSec fork at: https://github.com/lunasec-io/Spring4Shell-POC, it's more actively maintained.

Requirements

  1. Docker
  2. Python3 + requests library

Instructions

  1. Clone the repository
  2. Build and run the container: docker build . -t spring4shell && docker run -p 8080:8080 spring4shell
  3. App should now be available at http://localhost:8080/helloworld/greeting

WebPage

  1. Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"

WebPage

  1. Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)

WebPage

Notes

Fixed! As of this writing, the container (possibly just Tomcat) must be restarted between exploitations. I'm actively trying to resolve this.

Re-running the exploit will create an extra artifact file of {old_filename}_.jsp.

PRs/DMs @Rezn0k are welcome for improvements!

Credits

About

Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published