Spring4Shell: 0-day RCE on Spring Core

This page summarizes the projects mentioned and recommended in the original post on /r/java
springshell spring4shell

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • Spring4Shell-POC

    Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965

    • I have tried all the steps in the referenced PDF and lunasec link. I also went to https://github.com/BobTheShoplifter/Spring4Shell-POC and tried poc.py - no success. I am not able to reproduce it on Spring Boot 2.6.4 with java 11.

  • SpringCore0day

    SpringCore0day from https://share.vx-underground.org/ & some additional links

    • The one I've seen is https://github.com/craig/SpringCore0day/blob/main/exp.py

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • bugalert

  • spring-rce-war

  • spring-rce-vulnerable-app

    Discontinued Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228) and the possible Spring RCE vulnerability.

    • Thank you, this does clarify things a bit. What confused me is the constant referencing of SerializationUtils as in https://github.com/lunasec-io/spring-rce-vulnerable-app/blob/main/src/main/java/fr/christophetd/log4shell/vulnerableapp/MainController.java

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • help needed

    2 projects | /r/C_Programming | 3 Mar 2023

  • A Java Springcore RCE 0day exploit has been leaked. It was leaked by a Chinese security researcher who, since sharing and/or leaking it, has deleted their Twitter account.

    2 projects | /r/hacking | 31 Mar 2022

  • Spring4Shell Details and Exploit code leaked

    1 project | /r/java | 30 Mar 2022

  • SpringShell: Spring Core RCE 0-day Vulnerability

    2 projects | /r/programming | 30 Mar 2022

  • Spring4Shell Detection

    2 projects | /r/AskNetsec | 1 Apr 2022