CVE-2022-22965 PoC — Spring Framework Code Injection Vulnerability

Associated Vulnerability
Title: Spring Framework Code Injection Vulnerability (CVE-2022-22965)
Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Description
(CVE-2022-22965) PoC application and exploit
Readme
README.md
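# Spring4Shell PoC Application
# (CVE-2022-22965) Proof-of-Concept Application and Exploit

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). The full Java source for the WAR is provided and can be modified; the WAR file is rebuilt every time the docker image is built. Tomcat then loads the built WAR file. There is nothing special about this application: it is a simple "Hello World" application based on the [Spring tutorial](https://spring.io/guides/gs/handling-form-submission/).

Details: https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities

Having issues with the POC? Check out LunaSec's fork: https://github.com/lunasec-io/Spring4Shell-POC, which is more actively maintained.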

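## Requirements

1. Docker
2. Python3 + the requests library

## Guide

1. Clone the repository
2. Build and run the container: `docker build . -t spring4shell && docker run -p 8080:8080 spring4shell`
3. The application should now be available at http://localhost:8080/helloworld/greeting

## Notes

**Fixed!** ~~As of this writing, the container (possibly Tomcat) must be restarted between exploitations. I am actively trying to resolve this.~~

Re-running the exploit will create an additional {old_filename}_.jsp file on the server.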



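## Credits

- []() helped with building the PoC. See their notes: https://gist.github.com/esell/c9731a7e2c5404af7716a6810dc33e1a
- []() improved the documentation and the exploit script
- []() made the exploit script re-runnable without restarting Tomcat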
File Snapshot

```
[4.0K] /data/pocs/7050b39c46e2741e92bce571cd32349ddfbf64ad
├── [ 557] Dockerfile
├── [1.8K] pom.xml
├── [1.4K] README.md
└── [4.0K] src
    ├── [4.0K] main
    │   ├── [4.0K] java
    │   │   └── [4.0K] com
    │   │       └── [4.0K] reznok
    │   │           └── [4.0K] helloworld
    │   │               ├── [ 317] Greeting.java
    │   │               ├── [ 654] HelloController.java
    │   │               └── [ 440] HelloworldApplication.java
    │   └── [4.0K] resources
    │       ├── [   1] application.properties
    │       └── [4.0K] templates
    │           └── [ 185] hello.html
    └── [4.0K] test
        └── [4.0K] java
            └── [4.0K] com
                └── [4.0K] reznok
                    └── [4.0K] helloworld
                        └── [ 217] HelloworldApplicationTests.java

13 directories, 9 files
```