GET /shell.jsp?cmd=open%20/System/Applications/Calculator.app HTTP/1.1
Host: 127.0.0.1:8080
### 工具检测
![在这里插入图片描述](https://img-blog.csdnimg.cn/585d7810b74845a1a52281461c7246a1.png?x-oss-process=image/watermark,type_d3F5LXplbmhlaQ,shadow_50,text_Q1NETiBA572R57uc77-l5a6J5YWo6IGU55uf56uZ,size_20,color_FFFFFF,t_70,g_se,x_16)
![在这里插入图片描述](https://img-blog.csdnimg.cn/8b05a2b3d9a04d1b845387c1a97c48b6.png?x-oss-process=image/watermark,type_d3F5LXplbmhlaQ,shadow_50,text_Q1NETiBA572R57uc77-l5a6J5YWo6IGU55uf56uZ,size_20,color_FFFFFF,t_70,g_se,x_16)
**描述:Spring4Shell - Spring Core RCE - CVE-2022-22965**
`链接:https://github.com/TheGejr/SpringShell`
---
**描述:Spring4Shell Proof Of Concept/Information CVE-2022-22965**
`链接:https://github.com/BobTheShoplifter/Spring4Shell-POC`
---
**描述:This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed “SpringShell”.**
`链接:https://github.com/kh4sh3i/Spring-CVE`
---
**描述:Vulnerabilidad RCE en Spring Framework vía Data Binding on JDK 9+**
`链接:https://github.com/GuayoyoCyber/CVE-2022-22965`
---
**描述:Zabbix - SAML SSO Authentication Bypass**
`链接:https://github.com/kh4sh3i/CVE-2022-23131`
---
**描述:CVE-2022-22965 poc including reverse-shell support**
`链接:https://github.com/viniciuspereiras/CVE-2022-22965-poc`
---
**描述:Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit**
`链接:https://github.com/reznok/Spring4Shell-POC`
---
**描述:try to determine if a host is vulnerable to SpringShell CVE‐2022‐22963**
`链接:https://github.com/jschauma/check-springshell`
---
**描述:CVE-2022-22965 - CVE-2010-1622 redux**
`链接:https://github.com/DDuarte/springshell-rce-poc`
---
**描述:A Safer PoC for CVE-2022-22965 (Spring4Shell)**
`链接:https://github.com/colincowie/Safer_PoC_CVE-2022-22965`
---
**描述:None**
`链接:https://github.com/Kirill89/CVE-2022-22965-PoC`
---
**描述:Spring Framework RCE (Quick pentest notes)**
`链接:https://github.com/alt3kx/CVE-2022-22965_PoC`
---
**描述:A Proof-of-Concept (PoC) of the Spring Core RCE (Spring4Shell or CVE-2022-22963) in Bash (Linux).**
`链接:https://github.com/exploitbin/CVE-2022-22963-Spring-Core-RCE`
---
**描述:spring-core单个图形化利用工具,CVE-2022-22965及修复方案已出**
`链接:https://github.com/light-Life/CVE-2022-22965-GUItools`
---
**描述:CVE-2022-22965 : about spring core rce**
`链接:https://github.com/Mr-xn/spring-core-rce`
---
**描述:Test for cve-2021-3864**
`链接:https://github.com/walac/cve-2021-3864`
---
**描述:None**
`链接:https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0472`