-
Spring4Shell-POC
This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). (by lunasec-io)
-
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
The amazing group of members at Lunasec developed a Java web application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). The application is dockerized so that it can be easily implemented. It was built based on the tutorials provided in the official Spring documentation for form handling. GitHub link: https://github.com/lunasec-io/Spring4Shell-POC
Recently, one of the security researchers built a Nuclei template to detect Spring4Shell. This template can be easily run to scan for Spring4Shell on the networking, routing, or security devices inside your network. Template link: https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2022/CVE-2022-22965.yaml