CVE-2024-22963-Spring-Core-RCE图形化利用工具_poc-yaml-cve-2024-22963-spring-spel-rce

最新推荐文章于 2024-10-11 17:25:28 发布

2401_85958929

最新推荐文章于 2024-10-11 17:25:28 发布

阅读量72

点赞数 2

文章标签： spring java 后端

本文链接：https://blog.csdn.net/2401_85958929/article/details/141373627

版权

GET /shell.jsp?cmd=open%20/System/Applications/Calculator.app HTTP/1.1
Host: 127.0.0.1:8080


### 工具检测


![在这里插入图片描述](https://img-blog.csdnimg.cn/585d7810b74845a1a52281461c7246a1.png?x-oss-process=image/watermark,type_d3F5LXplbmhlaQ,shadow_50,text_Q1NETiBA572R57uc77-l5a6J5YWo6IGU55uf56uZ,size_20,color_FFFFFF,t_70,g_se,x_16)


![在这里插入图片描述](https://img-blog.csdnimg.cn/8b05a2b3d9a04d1b845387c1a97c48b6.png?x-oss-process=image/watermark,type_d3F5LXplbmhlaQ,shadow_50,text_Q1NETiBA572R57uc77-l5a6J5YWo6IGU55uf56uZ,size_20,color_FFFFFF,t_70,g_se,x_16)


**描述：Spring4Shell - Spring Core RCE - CVE-2022-22965**


`链接：https://github.com/TheGejr/SpringShell`




---


**描述：Spring4Shell Proof Of Concept/Information CVE-2022-22965**


`链接：https://github.com/BobTheShoplifter/Spring4Shell-POC`




---


**描述：This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed “SpringShell”.**


`链接：https://github.com/kh4sh3i/Spring-CVE`




---


**描述：Vulnerabilidad RCE en Spring Framework vía Data Binding on JDK 9+**


`链接：https://github.com/GuayoyoCyber/CVE-2022-22965`




---


**描述：Zabbix - SAML SSO Authentication Bypass**


`链接：https://github.com/kh4sh3i/CVE-2022-23131`




---


**描述：CVE-2022-22965 poc including reverse-shell support**


`链接：https://github.com/viniciuspereiras/CVE-2022-22965-poc`




---


**描述：Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit**


`链接：https://github.com/reznok/Spring4Shell-POC`




---


**描述：try to determine if a host is vulnerable to SpringShell CVE‐2022‐22963**


`链接：https://github.com/jschauma/check-springshell`




---


**描述：CVE-2022-22965 - CVE-2010-1622 redux**


`链接：https://github.com/DDuarte/springshell-rce-poc`




---


**描述：A Safer PoC for CVE-2022-22965 (Spring4Shell)**


`链接：https://github.com/colincowie/Safer_PoC_CVE-2022-22965`




---


**描述：None**


`链接：https://github.com/Kirill89/CVE-2022-22965-PoC`




---


**描述：Spring Framework RCE (Quick pentest notes)**


`链接：https://github.com/alt3kx/CVE-2022-22965_PoC`




---


**描述：A Proof-of-Concept (PoC) of the Spring Core RCE (Spring4Shell or CVE-2022-22963) in Bash (Linux).**


`链接：https://github.com/exploitbin/CVE-2022-22963-Spring-Core-RCE`




---


**描述：spring-core单个图形化利用工具，CVE-2022-22965及修复方案已出**


`链接：https://github.com/light-Life/CVE-2022-22965-GUItools`




---


**描述：CVE-2022-22965 : about spring core rce**


`链接：https://github.com/Mr-xn/spring-core-rce`




---


**描述：Test for cve-2021-3864**


`链接：https://github.com/walac/cve-2021-3864`




---


**描述：None**


`链接：https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0472`