CalumHutton/CVE-2022-22965-PoC_Payara

CVE-2022-22965 PoC - Payara Arbitrary File Download

Minimal example of how to reproduce the CVE-2022-22965 Spring vulnerability in Payara/GlassFish.

This is an alternative payload for Payara/GlassFish that allows a malicious user to set an arbitrary web root, leading to arbitrary file download.

Run using docker compose

  1. Build the application using Docker Compose
    docker-compose up --build
  2. To test the app, browse to http://localhost:8080/handling-form-submission-complete/greeting
  3. Run the exploit
    ./exploits/run.sh

Conditions

The exploit requires Java 9 or above because the module property was added in Java 9.
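
A defender-side check for the data-binding path this PoC depends on, added here as an example and not part of the repository: it flags request parameter names that match the field patterns Spring published for its setDisallowedFields workaround. The function names and the sample requests (including the placeholder name class.module.example) are constructed for illustration, and the case-insensitive matching is a choice made in this sketch.

```python
import re
from urllib.parse import parse_qsl

# Field patterns from Spring's published setDisallowedFields workaround.
DISALLOWED_PATTERNS = ("class.*", "Class.*", "*.class.*", "*.Class.*")


def _compile(pattern):
    # Simple wildcard match: '*' is the only special character.
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.IGNORECASE)


_MATCHERS = [_compile(p) for p in DISALLOWED_PATTERNS]


def suspicious_fields(encoded_params):
    """Return parameter names in a query string or form body that would
    reach the bound object's Class through data binding."""
    hits = []
    for name, _value in parse_qsl(encoded_params, keep_blank_values=True):
        # parse_qsl percent-decodes once, so class%2Emodule is seen as class.module
        if any(m.fullmatch(name) for m in _MATCHERS) and name not in hits:
            hits.append(name)
    return hits


def scan(requests):
    """requests: iterable of (request_id, query_string, form_body).
    Returns {request_id: [flagged parameter names]} for flagged requests only."""
    findings = {}
    for req_id, query, body in requests:
        hits = suspicious_fields(query + "&" + body)
        if hits:
            findings[req_id] = hits
    return findings


# Constructed sample requests (not captured traffic, not the PoC's payload).
SAMPLE = [
    ("r1", "", "content=hello&id=7"),
    ("r2", "", "class.module.example=x"),
    ("r3", "user.Class.name=a", ""),
    ("r4", "", "class%2Emodule%2Eexample=x"),
    ("r5", "", "classification=public&subclass.id=3"),
]

if __name__ == "__main__":
    for req_id, names in scan(SAMPLE).items():
        print(req_id, names)
```
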
