{"uuid": "995ed714-cf8d-43ef-bd75-8c9d9241a9c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22965", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/324", "content": "This is a dockerized application that is vulnerable (https://www.kitploit.com/search/label/Vulnerable) to the Spring4Shell vulnerability (https://www.kitploit.com/search/label/Vulnerability) (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it's a simple hello world that's based off Spring tutorials (https://spring.io/guides/gs/handling-form-submission/).  Details: https://www.lunasec.io/docs/blog/spring-rce-vulnerabilitiesHaving issues with the POC? Check out the LunaSec fork at: https://github.com/lunasec-io/Spring4Shell-POC, it's more actively maintained.  Requirements    Docker  Python3 + requests library    Instructions    Clone the repository  Build and run the container: docker build . -t spring4shell && docker run -p 8080:8080 spring4shell  App should now be available at http://localhost:8080/helloworld/greeting", "creation_timestamp": "2022-05-10T13:51:22.000000Z"}