
tauh33dkhan/Spring4Shell-POC-Verification-Lab


Spring4Shell-POC-Verification-Lab

This lab was created to test PoC exploits against vulnerable, partially vulnerable and fixed versions of a Spring Boot deployment.

Lab 1: Vulnerable deployment

Tomcat: 8.5.73
Spring boot: 2.6.3
JDK: 11

Read how to deploy the lab & the test results

Lab 2: Partially vulnerable deployment

Here I used a vulnerable Spring Boot and JDK version but a fixed Tomcat version.

Tomcat: 8.5.78
Spring boot: 2.6.3
JDK: 11

Read how to deploy the lab & the test results

Lab 3: Fixed Deployment

Here I used a fixed Spring Boot and Tomcat version and a JDK version that is not vulnerable.

Tomcat: 8.5.78
Spring boot: 2.6.6
JDK: 8

Read how to deploy the lab & the test results

Working POC

After testing many PoCs on the labs I found this PoC is properly able to detect the vulnerable deployment, which gives:

  • a 400 error response on the vulnerable lab,
  • a 500 error response on the lab with fixed Tomcat but vulnerable Spring Boot, and
  • a 200 OK response on the lab with both Tomcat and Spring Boot fixed.

source: https://twitter.com/hiaray115/status/1512147033309786119

host:port/path?class.module.classLoader.resources.baseUrls%5B0%5D=0
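As an added example (not code from this repository), the following Python script scans Tomcat access-log lines for the probe above and annotates each hit with the response-code mapping observed in these three labs. The log lines are constructed, and the verdict strings are assumptions for illustration; the status-to-verdict mapping is a heuristic from this lab, so the presence of the probe itself is the alert.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample Tomcat access-log lines (common log format), one per lab plus a benign request.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Apr/2022:10:01:02 +0000] "GET /app/?class.module.classLoader.resources.baseUrls%5B0%5D=0 HTTP/1.1" 400 435
10.0.0.5 - - [05/Apr/2022:10:01:09 +0000] "GET /app/?class.module.classLoader.resources.baseUrls%5B0%5D=0 HTTP/1.1" 500 118
10.0.0.5 - - [05/Apr/2022:10:01:15 +0000] "GET /app/?class.module.classLoader.resources.baseUrls%5B0%5D=0 HTTP/1.1" 200 1287
10.0.0.9 - - [05/Apr/2022:10:02:00 +0000] "GET /app/?name=alice HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)

# Mapping observed in the lab (assumed verdict wording): 400 on the vulnerable stack,
# 500 with fixed Tomcat but vulnerable Spring Boot, 200 when both are fixed.
VERDICT_BY_STATUS = {
    400: "vulnerable (Tomcat and Spring Boot both vulnerable)",
    500: "partially vulnerable (Tomcat fixed, Spring Boot vulnerable)",
    200: "fixed",
}


def is_classloader_probe(target):
    """True if any query-parameter name, after URL decoding, walks into the
    class.module.classLoader / class.classLoader property path."""
    query = urlsplit(target).query
    for name, _value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; a second unquote also catches double-encoded names.
        decoded = unquote(name).lower()
        if decoded.startswith("class.module.classloader") or decoded.startswith("class.classloader"):
            return True
    return False


def analyse_access_log(text):
    """Return one (client_ip, status, verdict) finding per log line carrying the probe."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_classloader_probe(m.group("target")):
            continue
        status = int(m.group("status"))
        verdict = VERDICT_BY_STATUS.get(status, "unknown (status not seen in the lab)")
        findings.append((m.group("ip"), status, verdict))
    return findings
```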

Credits

All labs use the PoC application shared by @reznok.
