CVE-2022-22965 Spring4Shell research & PoC for learning purposes
A more detailed analysis and explanation of the vulnerability can be found in my blog post.
Based on the initial research I did on https://github.com/GuayoyoCyber/CVE-2022-22965 with these additions:
- modifications to the HelloWorld class and helloworld.jsp for a better understanding of the vulnerability
- added the Apache Tomcat 9.0.60 embed library dependency for debugging purposes

```
sudo apt install maven
mvn clean package
```

Apache Tomcat 9.0.60 can be downloaded from https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.60/bin/apache-tomcat-9.0.60.zip
Smart Tomcat IntelliJ plugin can be used to speed up running and debugging: https://plugins.jetbrains.com/plugin/9492-smart-tomcat

```
sudo docker build -t spring4shell .
```

or

```
sudo docker build -t spring4shell -f Dockerfile2 .
```

```
sudo docker run -p 8082:8080 spring4shell
```

- https://medium.com/@cxzero/spring4shell-cve-2022-22965-vulnerability-analysis-and-exploitation-fae244dfd3eb
- http://blog.o0o.nu/2010/06/cve-2010-1622.html
- https://mp.weixin.qq.com/s/kgw-O4Hsd9r2vfme3Y2Ynw
- https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/
- https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
- https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/