Spring4Shell-POC
bugalert
Spring4Shell-POC | bugalert | |
---|---|---|
6 | 8 | |
348 | 207 | |
- | 0.0% | |
0.0 | 4.7 | |
over 1 year ago | 5 months ago | |
Python | Python | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Spring4Shell-POC
-
help needed
Hey guys, I'm rewriting this poc for spring4shell in c .
- A Java Springcore RCE 0day exploit has been leaked. It was leaked by a Chinese security researcher who, since sharing and/or leaking it, has deleted their Twitter account.
-
Spring4Shell Details and Exploit code leaked
It's quite trivial to build a working POC using the steps at https://github.com/BobTheShoplifter/Spring4Shell-POC
-
Spring4Shell: 0-day RCE on Spring Core
I have tried all the steps in the referenced PDF and lunasec link. I also went to https://github.com/BobTheShoplifter/Spring4Shell-POC and tried poc.py - no success. I am not able to reproduce it on Spring Boot 2.6.4 with java 11.
-
SpringShell: Spring Core RCE 0-day Vulnerability
Created a repo for the issue, https://github.com/BobTheShoplifter/Spring4Shell-POC ill update it as we explore the issue
bugalert
- Confirmed remote code execution (RCE) in Spring Core, an extremely popular Java framework
- Spring Core RCE has been confirmed
- Spring4Shell: 0-day RCE on Spring Core
-
Spring Cloud Function SPEL Expression Injection Vulnerability Alert
Also: https://github.com/BugAlertDotOrg/bugalert/blob/main/content/notices/2022-03-29-spring.md
- Possible Spring core RCE
-
We desperately need a way to notify people of high-impact vulns, so I built one
etc
Category list is found at: https://github.com/BugAlertDotOrg/bugalert#category
Again, working on getting this all up on the site soon if you'd prefer to just check back later.
-
We desperately need a way to rapidly notify people of high-impact vulnerabilities, so I built one
Feel free to open a GitHub issue! https://github.com/BugAlertDotOrg/bugalert/issues
What are some alternatives?
Spring - Spring Framework
Spring4Shell-POC - This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).
SpringCore0day - SpringCore0day from https://share.vx-underground.org/ & some additional links
SpringShell - Spring4Shell - Spring Core RCE - CVE-2022-22965
spring-rce-vulnerable-app - Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228) and the possible Spring RCE vulnerability.
Spring4Shell-Detection - Lazy SPL to detect Spring4Shell exploitation
CVE-2022-22965 - 🚀 Exploit for Spring core RCE in C [ wip ]
spring-rce-war
springcore-0day-en - Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.