spring-rce-poc
Testing CVE-2022-22968
Simple app vulnerable to CVE-2022-22968
Dockerfile
could be used to build it on vulnerable version ofTomcat (9.0.59)
exploit.sh
is a shell script which is trying to exploit this cve on 8080 port of localhost
If attack with exploit.sh
was succesfull, on context of http://localhost:8080/shell.jsp
on a target app should be accessible
simple JSP website with basic webshell.