CVE-2022-22965 PoC — Spring Framework 代码注入漏洞

Source

https://github.com/likewhite/CVE-2022-22965

Associated Vulnerability

Title:Spring Framework 代码注入漏洞 (CVE-2022-22965)
Description:A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Description

CVE-2022-22965 EXP

Readme

# CVE-2022-22965
CVE-2022-22965 EXP\n
一般环境需求：
1.是否使用Spring框架，若未使用，则不存在该漏洞

2.是否使⽤Spring参数绑定，若未使用，则不存在该漏洞

3.中间件使用的JDK版本，若版本号小于9，则不存在该漏洞

4.当前使用的中间件是否为Tomcat，若未使用Tomcat，则暂不受该漏洞影响。

5.Tomcat是否启用了AccessLog，若未启用，则暂不受该漏洞影响
在server.xml配置文件中，通过org.apache.catalina.valves.AccessLogValve关键字可定位到AccessLog相关配置。

官方通告中特定场景：

1.打包为传统的 WAR（与 Spring Boot 可执行 jar 相比）

2.spring-webmvc或spring-webflux依赖

3.Spring Framework 版本 5.3.0 到 5.3.17、5.2.0 到 5.2.19 以及更早的版本

exp环境需求：

python3

需要python包：requests、argparse、urllib.parse

![image](https://user-images.githubusercontent.com/68556929/161184438-cdf1e28c-4cb8-464f-80d1-6064e32c0059.png)


![image](https://user-images.githubusercontent.com/68556929/161184462-c9a88737-4efc-464b-9b3e-fc06c1e5be59.png)

File Snapshot


 [4.0K]  /data/pocs/23b2653220954d2c3d0358d990450388d03b19f6
├── [767K]  CobaltstrikeCN.jar
├── [2.6K]  cobaltstrike.store
├── [3.0K]  CVE-2022-22965.py
├── [5.8K]  hook.jar
├── [1.1K]  README.md
└── [1.9K]  teamserver

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!