You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+16-15Lines changed: 16 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,6 +18,22 @@ The naming of this flaw is based on the similarities to the infamous Log4j LOG4S
18
18
19
19
-CVE-2022-22965
20
20
21
+
## Poc
22
+
23
+
Found intresting poc here : https://github.com/craig/SpringCore0day/blob/main/exp.py[^1]. & https://twitter.com/vxunderground/status/1509170582469943303
* clone sample repo from https://spring.io/guides/gs/handling-form-submission/
28
+
* you can skip right to the gs-handling-form-submission/complete directory, no need to follow the tutorial
29
+
* modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy). build war file :)
30
+
* install tomcat9 + java 11 (i did it on ubuntu 20.04 via apt-get)
31
+
* deploy the war file
32
+
* update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
33
+
* run PoC (ignore the URL it gives you for the webshell): python3 exp.py --url http://your.ip.here:8080/handling-form-submission-complete/greeting
34
+
* you should see the "tomcatwar.jsp" file now in webapps/handling-form-submission
35
+
* hit http://your.ip.here:8080/handling-form-submission/tomcatwar.jsp?pwd=j&cmd=id to see the results
36
+
21
37
## Mitigations
22
38
23
39
!!(The following mitigations are only theoretical as nothing has been confirmed)!!
@@ -52,21 +68,6 @@ find . -name spring-beans*.jar
52
68
```
53
69
54
70
55
-
56
-
## Poc
57
-
58
-
Found intresting poc here : https://github.com/craig/SpringCore0day/blob/main/exp.py[^1]. & https://twitter.com/vxunderground/status/1509170582469943303
59
-
60
-
* clone sample repo from https://spring.io/guides/gs/handling-form-submission/
61
-
* you can skip right to the gs-handling-form-submission/complete directory, no need to follow the tutorial
62
-
* modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy). build war file :)
63
-
* install tomcat9 + java 11 (i did it on ubuntu 20.04 via apt-get)
64
-
* deploy the war file
65
-
* update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
66
-
* run PoC (ignore the URL it gives you for the webshell): python3 exp.py --url http://your.ip.here:8080/handling-form-submission-complete/greeting
67
-
* you should see the "tomcatwar.jsp" file now in webapps/handling-form-submission
68
-
* hit http://your.ip.here:8080/handling-form-submission/tomcatwar.jsp?pwd=j&cmd=id to see the results
0 commit comments