Spring4Shell/RCE in Spring Core-Simple Analysis

Michael Koczwara
3 min readApr 3, 2022

Spring4Shell simple POC/CVE-2022–22965

Affected Software and Versions

Existing proofs of concept (POCs) for exploitation work under the following conditions:

  • JDK 9 or higher
  • Apache Tomcat as the Servlet container
  • Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
  • spring-webmvc or spring-webflux dependency
  • Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions

Any Java application using Spring Beans packet (spring-beans-*.jar) and using Spring parameters binding could be affected by this vulnerability.

Spring4Shell POC Application

We can follow the instructions below and create a vulnerable environment to test the exploit and affected Spring version(I have created my own docker environment in Digital Ocean).

https://github.com/reznok/Spring4Shell-POC

GitHub - reznok/Spring4Shell-POC: Dockerized Spring4Shell (CVE-2022-22965) PoC application and…

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java…

Spring4Shell Exploit code (POC)

https://github.com/lunasec-io/Spring4Shell-POC/blob/master/exploit.py

Spring4Shell-POC/exploit.py at master · lunasec-io/Spring4Shell-POC

You can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or…

Quick Summary

Running Docker and vulnerable Spring app

docker environment

Executing payload

executing payload

Webshell uploaded and root access obtained

Michael Koczwara

Written by Michael Koczwara

1.3K Followers

Threat Researcher