Remote Spring4Shell (CVE-2022-22965) PoC\RCE

[Desoxyn]

GitHub - BobTheShoplifter/Spring4Shell-POC: Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965

Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965 - BobTheShoplifter/Spring4Shell-POC

github.com

• clone sample repo from https://spring.io/guides/gs/handling-form-submission/
• you can skip right to the gs-handling-form-submission/complete directory, no need to follow the tutorial
• modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy). build war file
• install tomcat9 + java 11 (i did it on ubuntu 20.04 via apt-get)
• deploy the war file
• update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
• run PoC (ignore the URL it gives you for the webshell): python3 exp.py --url http://your.ip.here:8080/handling-form-submission-complete/greeting
• you should see the "tomcatwar.jsp" file now in webapps/handling-form-submission
• hit http://your.ip.here:8080/handling-form-submission/tomcatwar.jsp?pwd=j&cmd=id to see the results

 

[TheWinnieThePooh1337]

I dont think there is a PoC that abuses something else than tomcat right?