[go: nahoru, domu]
Skip to content

CalumHutton/CVE-2022-22965-PoC_Payara

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
exploits
exploits
 
 
gradle/wrapper
gradle/wrapper
 
 
src
src
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
docker-compose.yml
docker-compose.yml
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

CVE-2022-22965 PoC - Payara Arbitrary File Download

Minimal example of how to reproduce CVE-2022-22965 Spring vulnerability in Payara/Glassfish.

Alternative payload for Payara/Glassfish that allows the malicious user to set an arbitrary web root, leading to arbitrary file download.

Run using docker compose

  1. Build the application using Docker compose 
    docker-compose up --build
  2. To test the app browse to http://localhost:8080/handling-form-submission-complete/greeting
  3. Run the exploit 
    ./exploits/run.sh

Conditions

The exploit requires Java 9 or above because module property was added in Java 9.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages