Spring4Shell-POC
Spring
Spring4Shell-POC | Spring |
---|---|
6 | 79 |
348 | 55,239 |
- | 0.7% |
0.0 | 10.0 |
over 1 year ago | 5 days ago |
Python | Java |
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Spring4Shell-POC
- help needed
  Hey guys, I'm rewriting this poc for spring4shell in C.
- A Java Springcore RCE 0day exploit has been leaked. It was leaked by a Chinese security researcher who, since sharing and/or leaking it, has deleted their Twitter account.
- Spring4Shell Details and Exploit code leaked
  It's quite trivial to build a working POC using the steps at https://github.com/BobTheShoplifter/Spring4Shell-POC
- Spring4Shell: 0-day RCE on Spring Core
  I have tried all the steps in the referenced PDF and lunasec link. I also went to https://github.com/BobTheShoplifter/Spring4Shell-POC and tried poc.py - no success. I am not able to reproduce it on Spring Boot 2.6.4 with Java 11.
- SpringShell: Spring Core RCE 0-day Vulnerability
  Created a repo for the issue, https://github.com/BobTheShoplifter/Spring4Shell-POC I'll update it as we explore the issue
Spring
- Top 10 GitHub Repositories for Python and Java Developers
  1. Spring Framework The Spring Framework is a popular Java framework used for building enterprise-level applications. This repository contains the source code for the framework and related projects such as Spring Boot and Spring Security. https://github.com/spring-projects/spring-framework
- Restrictive Abstractions
  This interface is a simplified version of real caching abstractions from Java technologies such as the ones from Spring or JCache (JSR-107). Both are part of quite complex solutions, having more generic types and different capabilities. Also, annotations would be preferred to using Cache directly in most Java applications.
- They said to use the Default Dispatchers but I found out it was Unconfined
  Cross-post: Controller code using Unconfined Dispatcher #32032
- Spring 6.1 now compatible with virtual threads and JDK 21 overall
- What's New in Spring Framework 6.1
- CWE Top Most Dangerous Software Weaknesses
  Mitre really lost a lot of respect with CVE-2016-1000027. Every few weeks a warning that any SpringBoot 2.x project has a CVSS 9.8, which causes all sorts of heartache for those of us bound to CVE remediation. Every blasted security tool reports this one. Spring reviewed and rejected, as did our very, very large organization. Comically, this has become the CVE we use to see how our tools allow us to white/black list entries.
  Thank god Spring dropped this interface in the Framework 6.x / Boot 3.x release, and the end for non-commercial support is this year for the old stuff.
  https://github.com/spring-projects/spring-framework/issues/2...
- Help with GetMapping annotation
  Referring to https://github.com/spring-projects/spring-framework/blob/main/spring-web/src/main/java/org/springframework/web/bind/annotation/GetMapping.java, the value could have got assigned to any of the other members like name, path, params, etc. Is there any logic involved that enables the single value passed to the GetMapping annotation to be assigned to the value member?
- What's your most painful experience of debugging an issue that only reproduced in production?
  This one. In short, JMS listeners stopped working randomly (of course only on Saturdays, and only under load), but at first we didn't know that and suspected the message broker at fault. We had quite extensive logging, but no observability on the broker. Can't remember all the details, but eventually we figured out it was the listener container, and I could reproduce it after debugging deeply into Spring code during a load test.
- 10+ Open-Source Projects For Web Developers In 2023
  GitHub Stars: 51 K GitHub Link: https://github.com/spring-projects/spring-framework
- Dropwizard 3.0.0 and 4.0.0 have been released
  It still has, but it is more of an "imaginary" one (https://github.com/spring-projects/spring-framework/issues/24434).
What are some alternatives?
Spring4Shell-POC - This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).
Jooby - The modular web framework for Java and Kotlin
SpringShell - Spring4Shell - Spring Core RCE - CVE-2022-22965
Vaadin - Vaadin 6, 7, 8 is a Java framework for modern Java web applications.
spring-rce-vulnerable-app - Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228) and the possible Spring RCE vulnerability.
Ninja - Ninja is a full stack web framework for Java. Rock solid, fast and super productive.
SpringCore0day - SpringCore0day from https://share.vx-underground.org/ & some additional links
Spring Boot - Spring Boot
Spring4Shell-Detection - Lazy SPL to detect Spring4Shell exploitation
Google Web Toolkit - GWT Open Source Project
CVE-2022-22965 - 🚀 Exploit for Spring core RCE in C [ wip ]
Play - The Community Maintained High Velocity Web Framework For Java and Scala.