aancw/Spring4shell-poc-lab

PoC Lab for Spring4shell vulnerability

Spring4shell-poc-lab

PoC Lab for Spring4shell vulnerability.

Requirements

• Docker

Building the Lab

• Install docker
• Run the bash script

sh deploy.sh

• Wait until container is up
• Happy hacking!

Detail Informations

• https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
• https://www.springcloud.io/post/2022-03/spring-0day-vulnerability/#gsc.tab=0
• https://www.praetorian.com/blog/spring-core-jdk9-rce/

Spring Patch

• https://github.com/spring-projects/spring-framework/commit/7f7fb58dd0dae86d22268a4b59ac7c72a6c22529

Acknowledgment

• Thank you to Retrospected for the .war file https://github.com/Retrospected/spring-rce-poc