Skip to content

Commit

Permalink
Spring4Shell
Browse files Browse the repository at this point in the history
  • Loading branch information
xx committed Apr 8, 2022
1 parent b3bb0ef commit ce94008
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 1 deletion.
4 changes: 3 additions & 1 deletion brute/filefuzz.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,9 @@ func reqPage(u string) (*page, *pkg.Response, error) {
method = "HEAD"
}
}
if req, err := pkg.HttpRequset(u, method, "", false, nil); err == nil {
header := make(map[string]string)
header["Accept"] = "text/html,*/*;"
if req, err := pkg.HttpRequset(u, method, "", false, header); err == nil {
if pkg.IntInSlice(req.StatusCode, []int{301, 302, 307, 308}) {
page.is302 = true
}
Expand Down
18 changes: 18 additions & 0 deletions pocs_go/Springboot/CVE-2022-22965.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
package Springboot

import (
"github.com/veo/vscan/pkg"
)

func CVE_2022_22965(u string) bool {
if req, err := pkg.HttpRequset(u+"?class.module.classLoader%5b1%5d=1", "GET", "", false, nil); err == nil {
if req.StatusCode == 500 {
if req2, err := pkg.HttpRequset(u+"?class.module.classLoader=1", "GET", "", false, nil); err == nil {
if req2.StatusCode == 200 {
return true
}
}
}
}
return false
}
4 changes: 4 additions & 0 deletions pocs_go/go_poc_check.go
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,10 @@ func POCcheck(wappalyzertechnologies []string, URL string, finalURL string) []st
if zabbix.CVE_2022_23131(URL) {
technologies = append(technologies, "exp-ZabbixSAML|bypass-login")
}
case "Spring":
if Springboot.CVE_2022_22965(finalURL) {
technologies = append(technologies, "exp-Spring4Shell|CVE_2022_22965")
}
case "SpringGateway":
if Springboot.CVE_2022_22947(URL) {
technologies = append(technologies, "exp-SpringGateway|CVE_2022_22947")
Expand Down

0 comments on commit ce94008

Please sign in to comment.