Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-22968 PoC — Vmware Spring Framework 安全特征问题漏洞

Source
https://github.com/MarcinGadz/spring-rce-poc
Associated Vulnerability
Title:Vmware Spring Framework 安全特征问题漏洞 (CVE-2022-22968)
Description:In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
Description
Testing CVE-2022-22968
Readme
# spring-rce-poc
Testing CVE-2022-22968  
Simple app vulnerable to CVE-2022-22968
- `Dockerfile` could be used to build it on vulnerable version of `Tomcat (9.0.59)`  
- `exploit.sh` is a shell script which is trying to exploit this cve on 8080 port of localhost  

If attack with `exploit.sh` was succesfull, on context of `http://localhost:8080/shell.jsp` on a target app should be accessible  
simple JSP website with basic webshell.
File Snapshot

 [4.0K]  /data/pocs/3681428af9675673d3cb2e3d8365ae518a9a9c43
├── [ 113]  Dockerfile
├── [2.9K]  exploit.sh
├── [1.8K]  pom.xml
├── [ 438]  README.md
├── [ 150]  run.sh
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  com
        │       └── [4.0K]  pbiot
        │           └── [4.0K]  springrce
        │               ├── [ 735]  HelloController.java
        │               ├── [ 571]  Message.java
        │               └── [ 679]  SpringRceApplication.java
        └── [4.0K]  resources
            ├── [   1]  application.properties
            └── [4.0K]  templates
                └── [ 299]  hello.html

8 directories, 10 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →