Target from: CVE Network
1: Flag (system
)
1: Service
110 pts
0: Flags found
1: Service discovered
10 pts
Try out the latest Spring4Shell vulnerability.
This is a target with direct implementation of the Spring RCE vulnerability CVE-2022-22965, accessible at http://10.0.200.14:8080/helloworld/greeting. The target is here to assist in familiarizing and developing exploits and mitigation tools for this vulnerability.
Description
As taken from LunaSec blog: Two RCEs exist and three vectors are being discussed online (one of which is not known to be remotely exploitable).
- Confirmed: "Spring4Shell" in Spring Core that has been confirmed by several sources that leverages class injection (very severe),
- Confirmed: CVE-2022-22963 in Spring Cloud Function (less severe),
- Unconfirmed: A third weakness that was initially discussed as allowing RCE via Deserialization, but isn't exploitable (not severe currently).
References
- Spring announcement
- Spring4Shell-POC (this target is based on this project)
- LunaSec details so far
- Rapid7 blog
- Spring homepage
- VMWare CVE-2022-22963 details
- Github diff
35 Headshots (newer first)
Ckabos, canary, hackercon101, TroyLynx, c0nfirm, sp4t7y, xRuL0, michyamrane, SaintMArk, nenandjabhata, falconsec, luismtzsilva, ks4v3r, L0v3, jaxafed, noother, Theory, markuche, Twelve
Clientname, jinake, jblack81, PufferOverflow, L0n3lyW0lf, mmking, Muzec, sn1per, Pegasus, Grosik, 0rgis, D1ie3z, r0b0tG4nG, M4sk0ff, biba22, tahaafarooq
1 Writeup by:
Activity Stream
Latest activity on the platform
echothrust Discovered a web service on Spring4Shell for 10 points, 31 months ago