Associated vulnerability
Title:
Spring Framework code injection vulnerability
(CVE-2022-22965)
Description: Spring Framework is an open-source Java / Java EE application framework from the Spring team (United States) that helps developers build high-quality applications. Spring Framework contains a code injection vulnerability: remote code execution through data binding on JDK 9+. The following versions are affected: 5.3.0 to 5.3.17, 5.2.0 to 5.2.19; older, unsupported versions are also affected.
Description
Hands-on lab on detecting and mitigating web app threats using OWASP ZAP, Burp Suite, and ModSecurity WAF (with OWASP CRS). Case study: Spring4Shell (CVE-2022-22965). Local Docker-based setup.
Introduction
# web-threat-mitigation
# Web Threat Mitigation Lab – OWASP ZAP, ModSecurity & CVE Exploitation
This repository documents a lab focused on simulating, analyzing, and mitigating common web application threats. It includes installation of vulnerable targets, scanning tools, deployment of a WAF (ModSecurity with OWASP CRS), and a live exploitation of CVE-2022-22965 (Spring4Shell).
## Lab Objectives
- Deploy a vulnerable web application (WebGoat) using Docker
- Perform vulnerability scanning using OWASP ZAP and Burp Suite
- Set up a reverse proxy using Nginx + ModSecurity + OWASP CRS 4.9.0
- Analyze results before and after WAF implementation
- Exploit Spring4Shell and verify WAF effectiveness
## Tools Used
- Docker + Docker Compose
- OWASP ZAP and Burp Suite
- ModSecurity (via libnginx-mod-http-modsecurity)
- OWASP Core Rule Set (CRS 4.9.0)
- Kali Linux with Metasploit Framework
- CentOS 9 Stream & Debian 12
## Lab Workflow
1. **WebGoat Deployment** on CentOS using Docker, exposed on port 8080.

2. **Initial Scanning** from Kali Linux using OWASP ZAP:
   - High-risk alerts: SQL Injection, Spring4Shell
   - Medium: Missing CSP, CSRF Tokens, Parameter Tampering
   - Info: Version leaks, potential XSS, session issues

3. **Reverse Proxy Deployment** on Debian 12 using nginx.

4. **WAF Setup** with OWASP CRS and rules loaded from:
   ```
   /etc/nginx/coreruleset-4.9.0/crs-setup.conf
   /etc/nginx/coreruleset-4.9.0/rules/*.conf
   ```
   Rules were tested and confirmed enabled by checking the ModSecurity logs.

5. **Post-WAF Scanning** using OWASP ZAP showed:
   - Reduced alerts (blocked or masked responses)
   - Confirmation of WAF protection in place

6. **Exploit Testing** using Metasploit against Spring4Shell:
   - Without WAF: RCE successful (reverse shell payload)
   - With WAF: Exploit blocked due to CRS detection
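The verification behind steps 4 and 6 (rules loaded, exploit blocked) comes from the ModSecurity entries in the nginx error log. The script below is an added example and is not part of this repository: it reads those entries, reports which CRS version was loaded, how many requests were denied, which rule IDs fired and which URIs were blocked. The log lines are constructed to resemble libmodsecurity's nginx-connector format; rule IDs 949110, 942100 and 920300 are the CRS blocking-evaluation, libinjection SQLi and missing-Accept-header rules, while the client/host addresses, WebGoat paths and unique IDs are placeholders. On the Debian proxy, point `LOG_FILE` at `/var/log/nginx/error.log` to run it on real data.

```shell
#!/bin/sh
# Added example (not from the lab repository): summarise ModSecurity v3 entries in the
# nginx error log to confirm that OWASP CRS is loaded and to see what it actually blocked.
# The lines below are CONSTRUCTED sample data; replace LOG_FILE with the real error log.

LOG_FILE=$(mktemp)
trap 'rm -f "$LOG_FILE"' EXIT
cat > "$LOG_FILE" <<'EOF'
2025/01/10 10:00:01 [error] 1234#1234: *7 [client 192.0.2.10] ModSecurity: Warning. Matched "Operator ..." [file "/etc/nginx/coreruleset-4.9.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "2"] [ver "OWASP_CRS/4.9.0"] [uri "/WebGoat/SqlInjection/attack5a"] [unique_id "constructed-1"], client: 192.0.2.10, server: _, request: "POST /WebGoat/SqlInjection/attack5a HTTP/1.1", host: "198.51.100.5"
2025/01/10 10:00:01 [error] 1234#1234: *7 [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator ..." [file "/etc/nginx/coreruleset-4.9.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "2"] [ver "OWASP_CRS/4.9.0"] [uri "/WebGoat/SqlInjection/attack5a"] [unique_id "constructed-1"], client: 192.0.2.10, server: _, request: "POST /WebGoat/SqlInjection/attack5a HTTP/1.1", host: "198.51.100.5"
2025/01/10 10:00:05 [error] 1234#1234: *9 [client 192.0.2.10] ModSecurity: Warning. Matched "Operator ..." [file "/etc/nginx/coreruleset-4.9.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [id "920300"] [msg "Request Missing an Accept Header"] [severity "5"] [ver "OWASP_CRS/4.9.0"] [uri "/WebGoat/login"] [unique_id "constructed-2"], client: 192.0.2.10, server: _, request: "GET /WebGoat/login HTTP/1.1", host: "198.51.100.5"
2025/01/10 10:00:09 [error] 1234#1234: *11 [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator ..." [file "/etc/nginx/coreruleset-4.9.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "2"] [ver "OWASP_CRS/4.9.0"] [uri "/WebGoat/service/lessonmenu.mvc"] [unique_id "constructed-3"], client: 192.0.2.10, server: _, request: "GET /WebGoat/service/lessonmenu.mvc HTTP/1.1", host: "198.51.100.5"
2025/01/10 10:00:12 [error] 1234#1234: *12 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.0.2.10, server: _, request: "GET /WebGoat/ HTTP/1.1", upstream: "http://203.0.113.20:8080/WebGoat/"
EOF

# Requests ModSecurity actually denied: one "Access denied" line per blocked request.
# grep -c exits 1 when the count is 0, so "|| true" keeps the function usable under set -e.
count_blocked() {
    grep -c 'ModSecurity: Access denied with code 403' "$1" || true
}

# Rule-set version tag written by the rules themselves; a value here proves the
# crs-setup.conf / rules/*.conf includes were loaded, not just SecRuleEngine On.
crs_version() {
    sed -n 's/.*\[ver "\([^"]*\)"\].*/\1/p' "$1" | sort -u
}

# Hit count per rule id over every ModSecurity line (warnings and denials).
# 949110 is the CRS blocking rule, so its count equals the number of denied requests.
rule_hits() {
    sed -n 's/.*\[id "\([0-9]*\)"\].*/\1/p' "$1" | sort | uniq -c | sort -rn
}

# Distinct URIs that were denied, to compare against the paths the scanner or exploit hit.
blocked_uris() {
    grep 'ModSecurity: Access denied' "$1" \
        | sed -n 's/.*\[uri "\([^"]*\)"\].*/\1/p' | sort -u
}

echo "CRS version(s) seen: $(crs_version "$LOG_FILE")"
echo "Requests denied:     $(count_blocked "$LOG_FILE")"
echo "Rule hits:"
rule_hits "$LOG_FILE"
echo "Denied URIs:"
blocked_uris "$LOG_FILE"
```

A warning-only entry (such as 920300 above) means a rule matched but the anomaly score stayed below the CRS blocking threshold, so the request went through to WebGoat; only lines with "Access denied" represent requests the WAF actually stopped. Running the same summary before and after enabling the CRS includes gives a concrete before/after comparison for step 5.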


## Conclusion
The lab shows the importance of layered security:
- A vulnerable app can be exposed easily without protection
- ZAP/Burp help identify and categorize vulnerabilities
- ModSecurity and OWASP CRS effectively reduce attack surface
- WAFs can block real-world CVEs like Spring4Shell with proper tuning
## Author
Bruno Paolo Huamán Vela (Lima, Peru)
Cybersecurity Student – Ural Federal University (UrFU)
File snapshot
[4.0K] /data/pocs/8390cf427f97307bd5058180f6819c88df02ec78
├── [ 671] lab_summary_en.md
├── [ 686] lab_summary_es.md
├── [2.9K] README.md
└── [4.0K] screenshots
├── [ 21K] centos9.jpg
├── [ 11K] coreruleset_on.png
├── [214K] coreruleset.png
├── [ 47K] coreruleset_vuln.png
├── [ 42K] debian_new.jpg
├── [ 71K] debian_nginx.jpg
├── [ 22K] debian_webgoat.jpg
├── [ 36K] docker.jpg
├── [ 45K] docker_on.jpg
├── [ 41K] docker_setup.jpg
├── [ 51K] docket_webgoat.jpg
├── [ 22K] modsec.jpg
├── [ 33K] modsec_vuln.png
├── [ 56K] owasp_zap.jpg
├── [ 17K] proxy_webgoat_debian.jpg
├── [ 25K] site_scan.jpg
├── [ 85K] site_vulne.jpg
├── [ 50K] spring4shell_exploit.png
├── [ 69K] spring4shell_options.jpg
└── [ 17K] webgoat_on.jpg
1 directory, 23 files
Notes
1. Accessing the original source is recommended first.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong (神龙) has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.