# spring-rce-poc
Testing CVE-2022-22968  
Simple app vulnerable to CVE-2022-22968
- `Dockerfile` could be used to build it on vulnerable version of `Tomcat (9.0.59)`  
- `` is a shell script which is trying to exploit this cve on 8080 port of localhost  

If attack with `` was succesfull, on context of `http://localhost:8080/shell.jsp` on a target app should be accessible  
simple JSP website with basic webshell.