Downloads, Hacking Tools, Spring Core Rce, Spring4Shell, Spring4Shell-POC, Springshell

Spring4Shell-Poc – Spring Core RCE 0-day Vulnerability

Description of the vulnerability:

Construction of the POC:

Steps to Build/Run

Tested with JDK 11.0.14, Spring Boot 2.6.5, and Apache Tomcat 9.0.60

  • Run mvn clean package to build the application
  • Rename demo-0.0.1-SNAPSHOT.war to spring-poc.war and copy this .war file to Tomcat’s webapps directory
  • Run python --url http://localhost:8080/spring-poc/greeting
    • If successful, the message 漏洞存在,shell地址为:http://localhost:8080/spring-poc/tomcatwar.jsp?pwd=j&cmd=whoami will be logged.
    • You should now see the file tomcatwar.jsp written to Tomcat’s webapps/spring-poc directory. This directory can be changed by modifying
      • $ (1)
    • Go to the url to see the result of the shell command
      • $ (2)

Source : KitPloit – PenTest Tools!

Previous ArticleNext Article
Send this to a friend