Share
## https://sploitus.com/exploit?id=9B3AD93D-3EB7-516A-8F64-439D6260F866
# Spring4Shell - PoC
# CVE - 2022 - 22965
## Versions affected : 
- Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and older versions
- Java JDK 9
- Apache Tomcat versions below 10..0.20, 9.0.62, and 8.5.78
- Applications that are packaged as a traditional WAR with spring-webmvc or spring-webflux dependency and deployed on a standalone Servlet container alone are affected
## Description
- The issue can be elevated by ClassLoader manipulation
- Improper data binding that is used to populate an object from request parameters causes this vulnerability
##Impact
- Successful exploitation of this vulnerability can lead to arbitary code execution on the vulnerable machine.
##Test Application
- [gokul-ramesh/Spring4Shell-POC](https://github.com/gokul-ramesh/Spring4Shell-POC) (forked from [lunasec-io/Spring4Shell-POC](https://github.com/lunasec-io/Spring4Shell-POC) )
- Clone the repository and build the application
```
docker build . -t spring4shell-poc-app
```
Else get the docker image from [gokul2/spring4shell-poc-app]
```
docker pull gokul2/spring4shell-poc-app
```
- Bring up the application
```
docker run -p 8080:8080 spring4shell-poc-app
```
- The application will be available at [localhost:8080](http://localhost:8080) now.
- Run the exploit.py file