Safer_PoC_CVE-2022-22965

A Safer PoC for CVE-2022-22965 (Spring4Shell)

Functionality

Creates a file called CVE_2022-22965_exploited.txt in the tomcat directory 'webapps/ROOT'
Option user argument to change the output directory
Exploit validation is performed by requesting the output .txt file, depending on your tomcat configuration this may require manual review.
- Additional verification added to check the content of the returned document; some web servers return an error page with HTTP status 200

Usage

usage: Safer_PoC_CVE-2022-22965.py [-h] --url URL [--dir DIR]

CVE-2022-22965 Spring-Core remote code execution POC

optional arguments:
  -h, --help  show this help message and exit
  --url URL   target url
  --dir DIR   directory to write the result (default is "webapps")

Example: python3 Safer_PoC_CVE-2022-22965.py --url http://localhost:8080/handling-form-submission-complete/greeting --dir "webapps/handling-form-submission-complete"

Output File

File Name: CVE_2022_22965_exploited.txt

File Contents: Warning, CVE_2022_22965 was sucessfully exploited on this device. reference: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
README.md		README.md
Safer_PoC_CVE-2022-22965.py		Safer_PoC_CVE-2022-22965.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Safer_PoC_CVE-2022-22965

Functionality

Usage

Output File

About

Releases

Packages

Contributors 2

Languages

colincowie/Safer_PoC_CVE-2022-22965

Folders and files

Latest commit

History

Repository files navigation

Safer_PoC_CVE-2022-22965

Functionality

Usage

Output File

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages