## https://sploitus.com/exploit?id=866A8BD8-7D36-53DA-AA66-A0064438E2A5
# CVE-2022-22965
### 2022.04.02 16:44
Optimized the POC; it is no longer a one-time validation.

## Warning: This program will destroy the integrity of log information, so back up the server data first! Use it only if you have penetration-test authorization for the server!

```bash
pocsuite -r CVE-2022-22965_POC_EXP.py -u url
```

As shown below, the program automatically generates a random JSP page with a randomly generated JSP password. Modifying the parameter passed to `cmd` in the JSP allows free command execution.

![exp](https://user-images.githubusercontent.com/54984589/161364675-2b2da489-1c9a-447c-a2e0-9d58300442da.gif)




# Disclaimer
## This tool is for study, research, and self-examination only. It should not be used for illegal purposes. All risks arising from the use of this tool have nothing to do with me!