Skip to content

Retrospected/spring-rce-poc

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

spring-rce-poc

Quick test setup to replicate the spring-rce (CVE-2022-22965):
Deploy a docker container with Tomcat, SpringMVC and a pre-compiled vulnerable app (available at https://github.com/fengguangbin/spring-rce-war).
Then run the exploit (grabbed from https://github.com/tweedge/springcore-0day-en).

Requirements

Docker & python3

How-To

First run deploy.sh to build and deploy the docker container
Wait untill the docker is up & running
then run exploit.sh

Remediation

When the following remediating code in the vulnerable app is added (as mentioned in the original source code), I can confirm that the default method of exploitation used by the original exploit.py is no longer successful.

@InitBinder
  public void initBinder(WebDataBinder binder) {
     String[] blackList = {"class.*","Class.*","*.class.*",".*Class.*"};
     binder.setDisallowedFields(blackList);
}

At the time of writing there is no patch for Spring Core available yet.

Disclaimer

I am not the developer of the exploit, the exploit is available on various github repositories already way before i published this project. I merely modified its content to make it work against this dockerized test-setup. This repository is meant for security researchers and developers to get a better understanding about the vulnerability and to test remediations.

Spring published that they released new version of their Spring Framework (versions 5.3.18 and 5.2.20) that would fix this vulnerability, also refer to: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published