CVE-2022-22965 PoC — Spring Framework 代码注入漏洞

Source

Associated Vulnerability

Description

CVE-2022-22965 POC

Readme

# CVE-2022-22965
### 2022.04.02 16:44
优化了POC，不再是一次性验证
Optimized POC, no longer a one-time validation

## 警告：此程序会破坏日志信息的完整性，请备份服务器数据！仅在在拥有服务器渗透测试授权的情况下使用！
## Warning: This program will destroy log information integrity, please back up server data! Use only if you have server penetration test authorization!

pocsuite -r CVE-2022-22965_POC_EXP.py -u url 

如下图，程序会自动生成一个随机的jsp网页，会随机生成jsp密码，修改jsp中cmd传入的参数，可以实现命令自由

As shown below, the program will automatically generate a random JSP page, will randomly generate JSP password, modify the parameters of CMD in JSP, can achieve command freedom

![exp](https://user-images.githubusercontent.com/54984589/161364675-2b2da489-1c9a-447c-a2e0-9d58300442da.gif)




# 免责声明
## 此工具仅用于学习、研究和自查。不应将其用于非法目的。使用本工具产生的一切风险与我无关！
# Disclaimer
## This tool is for study, research, and self-examination only. It should not be used for illegal purposes. All risks arising from the use of this tool have nothing to do with me!

File Snapshot

 [4.0K]  /data/pocs/9fa3f366b04fc4565868e1a5264a35150d714501
├── [4.0K]  CVE-2022-22965_POC_EXP.py
└── [1.2K]  README.md

0 directories, 2 files

Remarks