Spring4Shell-POC – Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

  1. Run the exploit.py script: python exploit.py --url "http://localhost:8080/helloworld/greeting"

  2. Visit the created webshell! Modify the cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)

Notes

Fixed! As of this writing, the container (possibly just Tomcat) must be restarted between exploitations. I’m actively trying to resolve this.

Re-running the exploit will create an extra artifact file of {old_filename}_.jsp.
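From the defender's side, the two file names the README mentions (the default shell.jsp and the {old_filename}_.jsp artifact a re-run leaves behind) are the things worth looking for in a Tomcat webroot. The following is an added example, not part of the Spring4Shell-POC repository; it builds a constructed fake webroot and flags JSP files by those names or by recent modification time. The helper names, the 3600-second window and the sample layout are assumptions.

```python
import os
import tempfile
import time
from pathlib import Path

# Added example (not from the PoC): triage a Tomcat webroot for dropped JSP files.
def suspicious_jsp_files(webroot, max_age_seconds=3600, now=None):
    """Return sorted (relative_path, reasons) for .jsp files under webroot that
    match the PoC's default name, its re-run artifact pattern, or were modified
    within max_age_seconds. Hypothetical helper; thresholds are assumptions."""
    now = time.time() if now is None else now
    root = Path(webroot)
    hits = []
    for path in root.rglob("*.jsp"):
        reasons = []
        if path.name == "shell.jsp":
            reasons.append("default PoC webshell name")
        if path.stem.endswith("_"):
            reasons.append("re-run artifact pattern {old_filename}_.jsp")
        if now - path.stat().st_mtime <= max_age_seconds:
            reasons.append("modified within the last %d seconds" % max_age_seconds)
        if reasons:
            hits.append((path.relative_to(root).as_posix(), reasons))
    return sorted(hits)


def build_sample_webroot(base):
    """Constructed sample data: one week-old legitimate page plus two inert
    placeholder files named like the PoC's outputs (no real shell code)."""
    base = Path(base)
    (base / "helloworld").mkdir(parents=True, exist_ok=True)
    legit = base / "helloworld" / "index.jsp"
    legit.write_text("<html>legitimate page</html>")
    week_ago = time.time() - 7 * 86400
    os.utime(legit, (week_ago, week_ago))  # make the legitimate page look old
    (base / "shell.jsp").write_text("<%-- constructed placeholder --%>")
    (base / "shell_.jsp").write_text("<%-- constructed placeholder --%>")
    return base


def demo():
    """Build the constructed webroot in a temp dir and return flagged paths."""
    root = build_sample_webroot(tempfile.mkdtemp())
    return [rel for rel, _reasons in suspicious_jsp_files(root)]


if __name__ == "__main__":
    for rel, reasons in suspicious_jsp_files(build_sample_webroot(tempfile.mkdtemp())):
        print(rel, "->", "; ".join(reasons))
```

On a real host you would point suspicious_jsp_files at the Tomcat webapps directory and treat any hit as a starting point for investigation, since a legitimate deployment can also touch .jsp files.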

PRs/DMs @Rezn0k are welcome for improvements!

Credits

  • @esheavyind for help on building a PoC. Check out their writeup at: https://gist.github.com/esell/c9731a7e2c5404af7716a6810dc33e1a
  • @LunaSecIO for improving the documentation and exploit
  • @rwincey for making the exploit replayable without requiring a Tomcat restart