Spring Core RCE
A Proof-of-Concept (PoC) of the Spring Core RCE (Spring4Shell or CVE-2022-22963) in Bash (Linux).
How to use
Clone the exploit from GitHub and run it:
git clone https://github.com/exploitbin/CVE-2022-22963-Spring-Core-RCE.git
cd CVE-2022-22963-Spring-Core-RCE/
bash spring.sh "http://target.tld:8080/"
Test a target
If you git cloned the repo, use this command:
target: The target you wanna drop a shell on! (example: https://example.tld:8080/)
bash spring.sh 'target'
GitHub Star
Did you use it? Please give us a star!
Links
https://tanzu.vmware.com/security/cve-2022-22963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22963
https://sysdig.com/blog/cve-2022-22963-spring-cloud/
https://securityonline.info/cve-2022-22963-spring-java-framework-0-day-remote-code-execution-vulerability-alert/
https://github.com/Mr-xn/spring-core-rce
https://skids-getting.owned/haha