关联漏洞
标题:
Spring Framework 代码注入漏洞
(CVE-2022-22965)
描述:Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Framework 存在代码注入漏洞,该漏洞源于 JDK 9+ 上的数据绑定的 RCE。以下产品和版本受到影响:5.3.0 至 5.3.17、5.2.0 至 5.2.19、较旧的和不受支持的版本也会受到影响。
描述
Proof-of-Concept (POC) of a simple firewall in Python designed to mitigate the Spring4Shell (CVE-2022-22965) RCE attack by inspecting and blocking malicious request bodies.
介绍
# Python Firewall for Spring4Shell (CVE-2022-22965) Mitigation
## 1. Overview
This project is a simple but effective firewall implemented as a Proof-of-Concept (POC) in Python. It's designed to act as an HTTP server that inspects incoming POST requests to detect and block the specific payload pattern associated with the Spring4Shell (CVE-2022-22965) remote code execution (RCE) vulnerability.
## 2. How It Works
The firewall leverages Python's built-in `http.server` module. The core logic resides in the `do_POST` method of the `ServerHandler` class.
1. The server intercepts all incoming `POST` requests.
2. It reads the entire request body.
3. It searches for the malicious signature string: `class.module.classLoader`. This string is the fundamental component of the Spring4Shell exploit and is difficult for an attacker to obfuscate.
4. **If the pattern is found**, the server immediately blocks the request by sending a `403 Forbidden` HTTP response.
5. **If the pattern is not found**, the request is considered legitimate and is handled normally with a `200 OK` response.
## 3. Why This Approach?
While other mitigation strategies could focus on headers or specific URL paths, this method was chosen for its robustness:
* **Resilient:** It is not dependent on fragile indicators like filenames (e.g., `tomcatwar.jsp` ) or custom header names, which can be easily changed by an attacker.
* **Effective:** It targets the core mechanism of the exploit itself, making it a highly reliable detection method against this specific vulnerability.
## 4. Usage
To run the firewall, use the main script [`firewall_server.py`](firewall_server.py):
```bash
python firewall_server.py
```
The server will start on localhost:8000.
You can then use the provided [`Test_Requester.py`](Test_Requester.py) script to simulate malicious requests and verify that they are being blocked.
## 5. Disclaimer
This is a Proof-of-Concept and is intended for educational and demonstrative purposes only. It is not a production-ready firewall solution.
文件快照
[4.0K] /data/pocs/c8e4943fd7cd42ab62b894b17661c7edab4dcfbd
├── [2.0K] firewall_server.py
├── [1.0K] LICENSE
├── [2.0K] README.md
└── [1.8K] Test_Requester.py
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。