Spring4Shell-POC – Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

May 10, 2022
  1. Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"

  1. Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)

Notes

Fixed! As of this writing, the container (possibly just Tomcat) must be restarted between exploitations. I’m actively trying to resolve this.

Re-running the exploit will create an extra artifact file of {old_filename}_.jsp.

PRs/DMs @Rezn0k are welcome for improvements!

Credits

  • @esheavyind for help on building a PoC. Check out their writeup at: https://gist.github.com/esell/c9731a7e2c5404af7716a6810dc33e1a
  • @LunaSecIO for improving the documentation and exploit
  • @rwincey for making the exploit replayable without requiring a Tomcat restart
Download Spring4Shell-POC

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source

You may have missed

CISA Logo

CISA: CISA Releases One Industrial Control Systems Advisory

November 16, 2024
CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 16, 2024
CISA Logo

CISA: Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

November 16, 2024
CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 16, 2024
CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 16, 2024