Safer_PoC_CVE-2022-22965
A Safer PoC for CVE-2022-22965 (Spring4Shell)
Functionality
- Creates a file called
CVE_2022-22965_exploited.txt
in the tomcat directory 'webapps/ROOT' - Option user argument to change the output directory
- Exploit validation is performed by requesting the output .txt file, depending on your tomcat configuration this may require manual review.
- Additional verification added to check the content of the returned document; some web servers return an error page with HTTP status 200
Usage
usage: Safer_PoC_CVE-2022-22965.py [-h] --url URL [--dir DIR]
CVE-2022-22965 Spring-Core remote code execution POC
optional arguments:
-h, --help show this help message and exit
--url URL target url
--dir DIR directory to write the result (default is "webapps")
Example: python3 Safer_PoC_CVE-2022-22965.py --url http://localhost:8080/handling-form-submission-complete/greeting --dir "webapps/handling-form-submission-complete"
Output File
File Name: CVE_2022_22965_exploited.txt
File Contents: Warning, CVE_2022_22965 was sucessfully exploited on this device. reference: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement