.. / CVE-2022-22965

Exploit for Spring - Remote Code Execution (CVE-2022-22965)

Description:

Spring MVC and Spring WebFlux applications running on Java Development Kit 9+ are susceptible to remote code execution via data binding. It requires the application to run on Tomcat as a WAR deployment. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

Nuclei Template

View the template here CVE-2022-22965.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-22965.yaml

References:

https://tanzu.vmware.com/security/cve-2022-22965
https://twitter.com/RandoriAttack/status/1509298490106593283
https://twitter.com/_0xf4n9x_/status/1509935429365100546
https://mp.weixin.qq.com/s/kgw-O4Hsd9r2vfme3Y2Ynw
https://nvd.nist.gov/vuln/detail/cve-2022-22965
https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/

.. / CVE-2022-22965 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Spring - Remote Code Execution (CVE-2022-22965)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-22965