Target from: CVE Network
Basic, Non rootable
spring4shell / 0.0.0.0
1: Flag (system)
1: Service
110 pts
Level 2 / Webuser
chain00x / 1234th Place
0: Flags found
1: Service discovered
10 pts
Try out the latest Spring4Shell vulnerability.
This is a target with direct implementation of the Spring RCE vulnerability CVE-2022-22965, accessible at http://10.0.200.14:8080/helloworld/greeting. The target is here to assist in familiarizing and developing exploits and mitigation tools for this vulnerability.
Description
As taken from LunaSec blog: Two RCEs exist and three vectors are being discussed online (one of which is not known to be remotely exploitable).
- Confirmed: "Spring4Shell" in Spring Core that has been confirmed by several sources that leverages class injection (very severe),
- Confirmed: CVE-2022-22963 in Spring Cloud Function (less severe),
- Unconfirmed: A third weakness that was initially discussed as allowing RCE via Deserialization, but isn't exploitable (not severe currently).
References
- Spring announcement
- Spring4Shell-POC (this target is based on this project)
- LunaSec details so far
- Rapid7 blog
- Spring homepage
- VMWare CVE-2022-22963 details
- Github diff
35 Headshots (newer first)
Ckabos, canary, hackercon101, TroyLynx, c0nfirm, sp4t7y, xRuL0, michyamrane, SaintMArk, nenandjabhata, falconsec, luismtzsilva, ks4v3r, L0v3, jaxafed, noother, Theory, markuche, TwelveClientname, jinake, jblack81, PufferOverflow, L0n3lyW0lf, mmking, Muzec, sn1per, Pegasus, Grosik, 0rgis, D1ie3z, r0b0tG4nG, M4sk0ff, biba22, tahaafarooq1 Writeup by:
Activity Stream
Latest activity on the platform