CVE-2022-22965

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), which achieves remote code execution by leveraging a vulnerability in the Spring Framework. The exploit writes a JSP webshell to the target server and provides a URL to interact with it.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via log file manipulation in a vulnerable Spring application. The exploit writes a JSP webshell to the target server, allowing command execution via HTTP requests.

This repository contains a Burp Suite plugin named SpringVulScan designed to detect Spring framework vulnerabilities, including CVE-2022-22965. It includes DNS-based and callback-based detection mechanisms for various Spring CVEs.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965, a critical RCE vulnerability in Spring Core. The exploit leverages a malicious request to deploy a JSP webshell, allowing arbitrary command execution via crafted HTTP requests.

This repository contains a JavaFX-based GUI tool for exploiting CVE-2022-22965, a Spring Core RCE vulnerability. It automates payload delivery and command execution, with a focus on simplicity and ease of use.

This repository provides an Nmap NSE script to non-intrusively check for CVE-2022-22965 (Spring4Shell) by sending a crafted GET request and checking for a 400 response. It does not include an exploit payload but serves as a detection tool.

This repository contains a Python-based exploit for CVE-2022-22965, a Spring Framework RCE vulnerability. The exploit leverages malicious JSP file creation and command execution via crafted HTTP requests.

This is a Python-based exploit for CVE-2022-22965 (Spring4Shell), which automates the deployment of a JSP-based web shell on vulnerable Spring Core applications. It uses a multi-threaded approach to target multiple URLs and integrates with Behinder3.0 Beta9 for post-exploitation.

This repository contains a functional exploit for CVE-2022-22965, a Spring Core RCE vulnerability. The PoC includes a Python script for vulnerability detection and webshell deployment, along with a direct curl command for exploitation.

This is a functional PoC for CVE-2022-22965 (Spring4Shell), which exploits a remote code execution vulnerability in Spring Core. It writes a file to the target server to confirm exploitation and includes validation checks to verify success.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via a crafted HTTP request to a vulnerable Spring application running on Tomcat. The exploit writes a JSP webshell to the target server and executes arbitrary commands.

This repository contains a Go-based scanner and PoC for CVE-2022-22965, a Spring Core RCE vulnerability affecting JDK9+. The tool checks for vulnerability by sending crafted requests and can be used for both single and batch target detection.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965, demonstrating remote code execution (RCE) in Spring applications running on Tomcat via arbitrary file write. The exploit leverages Spring's property binding mechanism to manipulate Tomcat's classloader and create a malicious JSP file.

This repository contains a functional exploit for CVE-2022-22965, a Spring Core RCE vulnerability affecting JDK>=9. The PoC includes detection and exploitation capabilities, with payloads for both Linux and Windows systems.

This repository contains a Python-based exploit for CVE-2022-22965, a Spring Core RCE vulnerability. It includes functionality to test for vulnerability presence and inject webshells (Behinder or Godzilla) into the target system.

This repository contains a Python-based exploit for CVE-2022-22965 (Spring4Shell), which targets the Java Spring Framework. The exploit manipulates Tomcat log variables to upload a JSP webshell, providing a pseudo-shell interface for command execution.

This repository contains a functional PoC for CVE-2022-22965, a Spring Framework RCE vulnerability. It includes a vulnerable Spring application and a Python script to exploit it by deploying a JSP webshell via malicious parameter binding.

This repository provides a proof-of-concept exploit for CVE-2022-22965, a remote code execution vulnerability in the Spring Framework. The exploit leverages a malicious payload to create a JSP webshell, allowing arbitrary command execution on the target system.

This is a GUI-based exploit for CVE-2022-22965, a Spring Core RCE vulnerability. It crafts a malicious request to deploy a JSP webshell and execute arbitrary commands via a crafted HTTP request.

This repository contains a functional PoC for CVE-2022-22965, a Spring Framework RCE vulnerability. It includes a Dockerized vulnerable Spring Boot application and curl commands to exploit the vulnerability by manipulating Tomcat's configuration and deploying a web shell.

This repository contains a functional exploit for CVE-2022-22965, a remote code execution vulnerability in Spring Core. The exploit manipulates log configurations to write a JSP webshell to a target directory, allowing arbitrary command execution.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), demonstrating RCE via data binding on JDK 9+ by writing a JSP webshell to a target directory. The exploit leverages Spring Framework's vulnerability to achieve remote code execution.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965, a Spring Core RCE vulnerability. It includes features for reverse shell and password-protected shell access.

This repository contains a Go-based scanner for detecting CVE-2022-22965 (Spring4Shell) vulnerabilities. It includes safe scanning and exploitation capabilities to verify the presence of the vulnerability.

This repository contains a Go-based proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), an RCE vulnerability in the Spring Core framework. The tool supports both verification and exploitation modes, leveraging HTTP requests to trigger the vulnerability.

This repository contains an Nmap NSE script designed to detect the Spring4Shell RCE vulnerability (CVE-2022-22965) by injecting a payload and checking for command execution. It tests for the presence of the vulnerability by executing a specified command (default: 'id') and verifying the output.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution (RCE) via log file manipulation in Spring Core applications. The exploit writes a JSP webshell to the target server, allowing arbitrary command execution.

This PoC exploits CVE-2022-22965, a Spring Core RCE vulnerability, by crafting a malicious HTTP request to deploy a JSP webshell. It verifies exploitation by executing the 'id' command and checking the response for expected output.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), a remote code execution vulnerability in Spring Framework. The exploit leverages data binding to deploy a JSP web shell on vulnerable systems.

This is a functional PoC for CVE-2022-22965 (Spring4Shell), exploiting a remote code execution vulnerability in Spring Framework applications running on JDK 9+. It crafts a malicious request to deploy a JSP webshell and execute arbitrary commands.

The repository contains a basic Spring Boot application with a simple greeting form but lacks any exploit code or demonstration of CVE-2022-22965. No malicious or functional exploit logic is present.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), including a vulnerable Spring Boot application, a Python-based exploit script, and a safe application for testing. The exploit achieves remote code execution by injecting a malicious JSP file into the target server.

This repository contains a functional exploit for CVE-2022-22965, a Spring Core RCE vulnerability. The exploit uses a PyQt5-based GUI to craft malicious requests that execute commands or spawn reverse shells on vulnerable Spring applications.

This is a Burp Suite extension designed to detect CVE-2022-22965 (Spring4Shell) by sending a crafted request and checking for DNS interactions via Burp Collaborator. It does not include an exploit payload but confirms vulnerability through out-of-band interaction.

This repository contains a proof-of-concept exploit for CVE-2022-22965, a Spring Framework RCE vulnerability. It includes both a detection script (DNS-based) and an exploit script that leverages the vulnerability to achieve remote code execution.

This repository provides a proof-of-concept for CVE-2022-22965, a Spring Framework RCE vulnerability. It includes a Spring Boot application that demonstrates the vulnerability when deployed on specific versions of Tomcat and JDK.

This is a functional exploit for CVE-2022-22965 (Spring4Shell), which leverages a remote code execution vulnerability in Spring Core. The exploit uploads a JSP shell to a vulnerable Spring application by manipulating class loader properties via crafted HTTP headers and payloads.

This repository contains a functional exploit for CVE-2022-22965, a Spring Cloud Gateway vulnerability allowing remote code execution via SpEL injection. The PoC includes both scanning and exploitation capabilities, with support for reverse shells and command execution.

This is a functional exploit PoC for CVE-2022-22965, a Spring Core RCE vulnerability. It leverages log file manipulation to achieve remote code execution by writing a malicious JSP file to the target server.

This repository provides a detailed writeup and setup guide for analyzing CVE-2022-22965 (Spring4Shell), including environment configuration, debugging steps, and vulnerability analysis. It does not contain exploit code but explains the conditions required for exploitation.

This repository contains a proof-of-concept exploit for CVE-2022-22965, demonstrating arbitrary file download in Payara/Glassfish via manipulation of the `docBase` property. The exploit uses a Spring application to expose the vulnerability and a shell script to trigger the attack.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via a crafted HTTP request targeting vulnerable Spring Core applications. The exploit writes a JSP webshell to the target server, allowing arbitrary command execution.

This repository contains a Python-based firewall rule to mitigate CVE-2022-22965 (Spring4Shell) by blocking specific request paths and headers associated with the exploit. The firewall_server.py script listens for incoming HTTP requests and blocks those matching predefined regex patterns.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), a remote code execution vulnerability in Spring Framework. The exploit leverages Tomcat's access log manipulation to write a JSP webshell, allowing arbitrary command execution.

This is a functional exploit for CVE-2022-22965 (Spring4Shell), which achieves remote code execution by uploading a malicious JSP file to a vulnerable Spring Core application. The exploit leverages the vulnerability in Spring's data binding mechanism to write a web shell to the target server.

This repository demonstrates CVE-2022-22965 (Spring4Shell) via a vulnerable Spring MVC controller that processes untrusted input through BeanWrapper, allowing arbitrary code execution. The test case shows nested property access, a key exploitation vector for this vulnerability.

This repository provides an intentionally vulnerable Spring Boot application to demonstrate CVE-2022-22965 (Spring4Shell). It includes a Dockerized environment with JDK 11, Tomcat 9, and Spring 2.6.4, exposing vulnerable endpoints for testing exploitation techniques.

This repository provides an iRule for mitigating CVE-2022-22965 (Spring4Shell) on BIG-IP 15.x. It does not contain exploit code but offers a mitigation strategy.

This repository contains a Python-based exploit for CVE-2022-22965 (Spring4Shell), which leverages data binding in the Spring Framework to achieve remote code execution (RCE) via a crafted HTTP request. The exploit uploads a JSP webshell to a vulnerable Tomcat server running a Spring application.

This repository contains a functional PoC for CVE-2022-22965 (Spring4Shell), which exploits a remote code execution vulnerability in Spring Core. The exploit crafts a malicious POST request to deploy a JSP webshell, allowing arbitrary command execution via a crafted URL.

This is a functional exploit for CVE-2022-22965 (Spring4Shell), which allows unauthenticated remote code execution on vulnerable Spring Framework applications. The PoC includes checks for vulnerability and the ability to upload a JSP webshell for command execution.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution (RCE) via crafted HTTP requests to manipulate Tomcat log configurations and deploy a JSP webshell. The exploit leverages the vulnerability in Spring Framework's data binding mechanism to achieve arbitrary code execution.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), automating the exploitation process to achieve remote code execution via a reverse shell. It includes modules for payload generation and vulnerability checking, with a focus on automation and modularity.

This repository contains a Python-based HTTP firewall designed to detect and block exploitation attempts targeting CVE-2022-22965 (Spring4Shell). The firewall analyzes POST requests for malicious keys, payloads, and headers associated with the vulnerability.

This repository contains multiple Python-based exploits for CVE-2022-22965 (Spring4Shell), a remote code execution vulnerability in Spring Framework. The exploits leverage log file manipulation to deploy a JSP web shell, allowing arbitrary command execution on vulnerable systems.

The repository contains a stub exploit for CVE-2022-22965 (Spring4Shell) with a README describing the vulnerability but the exploit.py file is incomplete and non-functional.

This repository contains a functional PoC for CVE-2022-22965, a Spring Boot vulnerability allowing remote code execution via data binding manipulation. The exploit leverages Tomcat's configuration to deploy a malicious JSP shell.

This repository contains a Spring Boot application demonstrating CVE-2022-22965, a Spring Framework RCE vulnerability. The PoC leverages the vulnerable data binding mechanism in Spring MVC to achieve remote code execution.

This repository contains a detailed writeup about CVE-2022-22965 (Spring4Shell), including vulnerability details, exploitation conditions, and mitigation steps. It does not include actual exploit code but provides technical context and references.

This PowerShell script is a port of the original Python PoC for CVE-2022-22965, a Spring Framework RCE vulnerability. It attempts to inject a file on the target server and checks if the file was successfully created, confirming vulnerability.

This repository provides a detailed writeup and detection scripts for CVE-2022-22965, a critical RCE vulnerability in Spring Framework. It includes PowerShell and Bash scripts to identify vulnerable systems by searching for specific files and classes associated with the vulnerability.

This repository contains a proof-of-concept for CVE-2022-22965, a Spring4Shell vulnerability. It includes a controller and a bean class to demonstrate the exploitation of the vulnerability in a Spring MVC environment.

This is a Python-based PoC for CVE-2022-22965, a Spring Core RCE vulnerability. It attempts to write a JSP shell to a target system by exploiting the vulnerability and verifies success by checking the response status code.

This repository contains multiple functional Python exploits for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via log file manipulation in Spring Core applications. The exploits leverage Tomcat's access log injection to deploy JSP webshells or reverse shells.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via a crafted HTTP request that writes a JSP webshell to the target server. The exploit includes both Python-based automation and manual curl commands for payload delivery.

This repository provides a detailed technical walkthrough of exploiting and mitigating CVE-2022-22965 (Spring4Shell), including step-by-step commands, environment setup, and tool usage for both offensive and defensive perspectives.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via Spring Framework's data binding mechanism. The exploit automates the attack process, including payload delivery, web shell deployment, and post-exploitation verification.

The repository contains a functional Python exploit for CVE-2022-22965 (Spring4Shell), which achieves RCE by manipulating Spring's data binding mechanism to write a JSP webshell to disk. The exploit sends crafted HTTP parameters to modify Tomcat configuration and execute arbitrary commands.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via crafted HTTP parameters to manipulate Spring's data binding mechanism and write a JSP webshell to disk.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via crafted HTTP parameters targeting Spring MVC data binding on Tomcat. The PoC includes a Python script that automates the exploitation process and provides an interactive shell upon successful compromise.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution (RCE) via a crafted HTTP request that manipulates Tomcat's logging configuration to deploy a JSP webshell. The exploit includes a Dockerized vulnerable Spring application and a Python script to trigger the vulnerability.

This repository contains a functional exploit for CVE-2022-22965, a Spring Core RCE vulnerability. The Python script manipulates log configurations to write a JSP webshell, demonstrating arbitrary code execution on vulnerable Spring applications running on Tomcat.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via log file manipulation in a vulnerable Spring application. The exploit writes a JSP webshell to the target server, allowing arbitrary command execution.

This repository contains a proof-of-concept for detecting and mitigating CVE-2022-22965 (Spring4Shell) exploitation attempts. It includes a firewall server that blocks requests containing the exploit signature and a test requester to simulate attacks.

This repository contains a comprehensive DFIR project simulating the Spring4Shell (CVE-2022-22965) vulnerability, including an exploit simulator, detection engine, and firewall mitigation. It demonstrates the full incident response lifecycle with network and memory forensics methodologies.

This repository is a detailed writeup and analysis of CVE-2022-22965 (Spring4Shell), focusing on incident response, threat detection, and mitigation strategies. It includes firewall log analysis, attack characteristics, and proposed firewall rules for mitigation.

This is a functional exploit for CVE-2022-22965 (Spring4Shell), which leverages a remote code execution vulnerability in Spring Framework by manipulating log configurations to write a malicious JSP file to the target server. The exploit then allows command execution via HTTP requests to the deployed JSP shell.

This repository contains a functional PoC for CVE-2022-22965 (Spring4Shell), demonstrating how an attacker can exploit the DataBinder vulnerability in Spring Framework to manipulate Tomcat's AccessLogValve and upload a webshell. The PoC includes a vulnerable Spring Boot application and a controller that allows parameter binding to a POJO, enabling the exploitation of the classLoader access issue.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via log file manipulation in vulnerable Spring Boot applications. It includes a Python exploit script and a dockerized demo environment with vulnerable and patched versions of Spring Boot.

This repository contains a Python-based firewall PoC designed to detect and block exploit attempts for CVE-2022-22965 (Spring4Shell) by inspecting POST requests for the malicious payload pattern 'class.module.classLoader'. It includes a test script to simulate malicious requests and verify blocking behavior.

This repository appears to be a partial or incomplete snapshot of the Spring Framework source code, specifically around the time of CVE-2022-22965. It lacks exploit code or a proof-of-concept, containing only build scripts, integration tests, and documentation.

This repository provides a detailed technical analysis of CVE-2022-22965 (Spring4Shell), including root cause analysis, exploit mechanics, and step-by-step reproduction instructions. It does not contain functional exploit code but offers in-depth explanations of the vulnerability.

This repository provides a Python-based firewall script to detect and block malicious requests exploiting CVE-2022-22965 (Spring4Shell). It uses pattern matching to identify and block known exploit payloads.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), a remote code execution vulnerability in Spring Framework. The exploit leverages malicious JSP file uploads to achieve RCE on vulnerable Spring applications.

This repository documents a lab setup for detecting and mitigating web application threats, specifically focusing on CVE-2022-22965 (Spring4Shell). It includes deployment of vulnerable applications, scanning with OWASP ZAP and Burp Suite, and WAF setup with ModSecurity and OWASP CRS.

This repository contains a functional proof-of-concept for CVE-2022-22965 (Spring4Shell), including a firewall handler to block malicious requests and a test script to demonstrate the exploit. The test script sends crafted POST requests with payloads designed to trigger remote code execution via the Spring Framework vulnerability.

This repository contains a Python-based firewall server designed to detect and block exploit attempts for CVE-2022-22965 (Spring4Shell). It includes a test script to simulate attacks and verify the blocking rules.

This repository contains a Python-based exploit for CVE-2022-22965 (Spring4Shell), which leverages a remote code execution vulnerability in the Spring Core Java framework. The exploit modifies Tomcat logging parameters to inject a JSP webshell, allowing command execution on vulnerable systems.

This repository contains a functional proof-of-concept exploit for CVE-2022-22965 (Spring4Shell), which leverages Spring Core's parameter binding to write a malicious JSP file to a vulnerable Tomcat server, enabling remote code execution.

This repository contains a functional exploit for CVE-2022-22965, a remote code execution vulnerability in Spring Framework. The exploit leverages a malicious JSP file upload and execution via a crafted HTTP request to achieve RCE.

This is a Python-based firewall server designed to block requests matching specific patterns associated with CVE-2022-22965, a Spring Framework RCE vulnerability. It checks for malicious paths and headers, responding with a 403 Forbidden if detected.

This is a functional exploit for CVE-2022-22965 (Spring4Shell), which achieves remote code execution by uploading a JSP webshell to a vulnerable Spring application running on Apache Tomcat. The exploit leverages unsafe deserialization and path traversal to deploy a password-protected shell.

This repository contains a functional PoC for CVE-2022-22965 (Spring4Shell), which exploits a remote code execution vulnerability in Spring Core. The exploit manipulates Tomcat's logging configuration to write a JSP webshell, allowing arbitrary command execution via crafted HTTP requests.

This PoC exploits CVE-2022-22965 (Spring4Shell) by sending a malicious HTTP POST request to inject a JSP webshell into a vulnerable Spring Core application. It then verifies exploitation by checking if the webshell is accessible via a GET request.

This is a functional exploit for CVE-2022-22965 (Spring4Shell), which achieves remote code execution by uploading a JSP webshell to a vulnerable Spring Core application. The exploit leverages class loader manipulation and runtime command execution via crafted HTTP headers and payloads.

This repository contains a functional PoC exploit for CVE-2022-22965 (Spring4Shell), demonstrating RCE via log file manipulation in Spring Core applications running on Tomcat. The exploit writes a JSP webshell to the target server, allowing command execution via HTTP requests.

This repository contains a detailed writeup and proof-of-concept code for CVE-2022-22965, a Spring MVC/WebFlux RCE vulnerability on JDK 9+ via data binding. It includes Java Bean API analysis, Introspector/BeanInfo/PropertyDescriptor usage, and a demo controller to illustrate the vulnerability.

This repository contains basic Spring Boot application templates for Gradle and Maven builds, but lacks any exploit code or demonstration of CVE-2022-22965. It appears to be a skeleton project rather than a functional PoC.

This is a functional exploit for CVE-2022-22965 (Spring4Shell), which leverages a remote code execution vulnerability in Spring Core. The exploit uploads a JSP shell to a vulnerable server by manipulating the class module and pipeline properties.

This is a Python script that exploits CVE-2022-22965 (Spring4Shell) by manipulating the logging configuration to create arbitrary log files on the target system. It checks for vulnerability by attempting to write a log file and then verifying its existence via HTTP requests.

This repository contains only a basic Spring Boot application stub without any exploit code or vulnerability demonstration. It does not include a PoC for CVE-2022-22965.

This is a functional exploit for CVE-2022-22965 (Spring4Shell), which achieves remote code execution by uploading a malicious JSP file to a vulnerable Spring Core application. The exploit leverages the vulnerability in the Spring Framework's data binding mechanism to write a webshell to the target server.

This repository contains a functional exploit for CVE-2022-22965, a Spring Framework RCE vulnerability. The Python script manipulates the AccessLogValve configuration to write a malicious JSP file, enabling remote code execution.

This is a Python-based exploit for CVE-2022-22965 (Spring4Shell), which achieves remote code execution by uploading a malicious JSP file to a vulnerable Spring Framework application. The exploit leverages a deserialization vulnerability to write a web shell to the target server.

This PoC demonstrates CVE-2022-22965, a Spring Framework vulnerability allowing remote code execution via manipulation of Tomcat's access logger. The exploit reconfigures the logger to write a JSP file containing arbitrary Java code, which is then executed by the server.

This repository contains a Bash script designed to scan directories for JAR files and analyze their Manifest files to detect Spring Framework occurrences. It does not exploit CVE-2022-22965 but aids in identifying potentially vulnerable Spring Framework versions.

This repository contains a comprehensive Spring Boot vulnerability scanning and exploitation tool, including support for CVE-2022-22965 (Spring Core RCE). It features modules for detecting sensitive endpoints, exploiting known vulnerabilities, and integrating with asset discovery platforms like FOFA, Hunter, and ZoomEye.

This repository contains a collection of exploit scripts for various CVEs, including CVE-2022-22965. The scripts are functional and demonstrate the vulnerabilities they target.

The repository contains a Go-based scanner for detecting CVE-2022-22965, a Spring Core RCE vulnerability. It sends crafted HTTP requests to check for vulnerability indicators but does not include exploit code for achieving RCE.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), which deploys a JSP web shell on vulnerable Spring Framework applications. The exploit leverages the vulnerability to achieve remote code execution (RCE) by manipulating class loader properties.

This repository provides a Dockerized intentionally vulnerable Spring Framework application (CVE-2022-22965) with a functional exploit PoC. The exploit leverages the Spring4Shell vulnerability to achieve remote code execution (RCE) via a crafted HTTP request.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), demonstrating remote code execution via crafted HTTP requests to a vulnerable Spring application. The exploit writes a JSP shell to the target server, allowing command execution.

This repository contains a functional exploit for CVE-2022-22965 (Spring4Shell), which achieves remote code execution (RCE) by leveraging a vulnerability in the Spring Framework. The exploit crafts a malicious HTTP request to deploy a JSP webshell, allowing arbitrary command execution on the target system.

This repository contains a functional exploit for CVE-2022-22965 (Spring Core RCE), leveraging a crafted HTTP request to achieve remote code execution via JSP shell deployment. The exploit targets Spring Framework applications running on JDK 9+.

This repository contains a functional exploit PoC for CVE-2022-22965, demonstrating RCE in Spring Cloud Function via SpEL injection. The exploit leverages the `spring.cloud.function.routing-expression` header to execute arbitrary commands.

This Metasploit module exploits CVE-2022-22965 (Spring4Shell), a remote code execution vulnerability in Spring Framework due to unsafe data binding in class property manipulation. It crafts a malicious request to modify the Tomcat ClassLoader, writes a JSP payload to the server, and achieves RCE.