stuff.txt

At this point, it is probably easier to just use something like this: https://github.com/reznok/Spring4Shell-POC


- clone https://spring.io/guides/gs/handling-form-submission/
- you can skip right to gs-handling-form-submission/complete, no need to follow the tutorial
- modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy)
- install tomcat9 + java 11 (i did it on ubuntu 20.04)
- deploy the war file
- update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
- run PoC (ignore the URL it gives you for the webshell): python3 exp.py --url http://your.ip.here:8080/handling-form-submission-complete/greeting
- you should see the "tomcatwar.jsp" file now in webapps/handling-form-submission
- hit http://your.ip.here:8080/handling-form-submission/tomcatwar.jsp?pwd=j&cmd=id to see the results

Does Spring Boot suffer from this vulnerability?

the zip file requires on https://share.vx-underground.org/ a password, what should I give ?

zip password is mentioned at second 12 in this clip: https://www.youtube.com/watch?v=n8FbMY-quW4

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Am I Impacted?
These are the requirements for the specific scenario from the report:

• JDK 9 or higher
• Apache Tomcat as the Servlet container
• Packaged as WAR
• spring-webmvc or spring-webflux dependency

However, the nature of the vulnerability is more general, and there may be other ways to exploit it that have not been reported yet.

what is the zip password, bro?