Safer_PoC_CVE-2022-22965

A Safer PoC for CVE-2022-22965 (Spring4Shell)

Functionality

  • Creates a file called CVE_2022-22965_exploited.txt in the tomcat directory ‘webapps/ROOT’
  • Option user argument to change the output directory
  • Exploit validation is performed by requesting the output .txt file, depending on your tomcat configuration this may require manual review.
    • Additional verification added to check the content of the returned document; some web servers return an error page with HTTP status 200

Usage

usage: Safer_PoC_CVE-2022-22965.py [-h] --url URL [--dir DIR]

CVE-2022-22965 Spring-Core remote code execution POC

optional arguments:
  -h, --help  show this help message and exit
  --url URL   target url
  --dir DIR   directory to write the result (default is "webapps")

Example: python3 Safer_PoC_CVE-2022-22965.py --url http://localhost:8080/handling-form-submission-complete/greeting --dir "webapps/handling-form-submission-complete"

Output File

File Name: CVE_2022_22965_exploited.txt

File Contents: Warning, CVE_2022_22965 was sucessfully exploited on this device. reference: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

GitHub

View Github