# Spring4Shell PoC Application

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it's a simple hello world that's based off [Spring tutorials](


Having issues with the POC? Check out the LunaSec fork at:, it's more actively maintained.

## Requirements

1. Docker
2. Python3 + requests library

## Instructions

1. Clone the repository
2. Build and run the container: `docker build . -t spring4shell && docker run -p 8080:8080 spring4shell`
3. App should now be available at http://localhost:8080/helloworld/greeting


4. Run the script:
 `python --url "http://localhost:8080/helloworld/greeting"`


5. Visit the created webshell! Modify the `cmd` GET parameter for your commands. (`http://localhost:8080/shell.jsp` by default)


## Notes

**Fixed!** ~~As of this writing, the container (possibly just Tomcat) must be restarted between exploitations. I'm actively trying to resolve this.~~

Re-running the exploit will create an extra artifact file of {old_filename}_.jsp. 

PRs/DMs [@Rezn0k]( are welcome for improvements!

## Credits

- [@esheavyind]( for help on building a PoC. Check out their writeup at:
- [@LunaSecIO]( for improving the documentation and exploit
- [@rwincey]( for making the exploit replayable without requiring a Tomcat restart