Added Spring4Shell (CVE-2022-22965) Testbed

spring/spring4shell/README.md

@@ -0,0 +1,35 @@
+# Spring4Shell (CVE-2022-22965) Testbed
+
+Sample Spring form using Tomcat as the server. The vulnerability appears to be only exploitable when packaged as a WAR file and served through a servlet container, such as Apache Tomcat.
+
+## Deploy the testbed
+
+### Vulnerable
+The vulnerable test application uses:
+- Spring Boot v2.6.3
+- Spring Core v5.3.15
+
+The application can be deployed using the following command:
+```
+docker compose up
+```
+
+### Safe
+The safe test application uses:
+- Spring Boot v2.7.0
+- Spring Core v5.3.20
+
+The application can be deployed using the following command:
+```
+docker compose -f docker-compose-safe.yml up
+```
+
+## Proof of concept
+The following docker-packaged proof of concept can be used to verify if the application is vulnerable:
+```
+docker run --rm --net=host bobtheshoplifter/spring4shell-poc:latest --url "http://127.0.0.1:8080/spring-form/greeting"
+```
+
+## References
+
+Testbeds and Proof of Concept are from [github.com/BobTheShoplifter/Spring4Shell-POC](https://github.com/BobTheShoplifter/Spring4Shell-POC/).

spring/spring4shell/app/index.html

@@ -0,0 +1,2 @@
+<h1>Spring4Shell Testbed</h1>
+<a href="/spring-form/greeting">Vulnerable Form</a>

spring/spring4shell/docker-compose-safe.yml

@@ -0,0 +1,9 @@
+name: spring4shell-testbed-safe
+services:
+  app:
+    image: tomcat:9.0.60-jre11-openjdk-slim-buster
+    ports:
+      - "8080:8080"
+    volumes:
+      - "./app/index.html:/usr/local/tomcat/webapps/ROOT/index.html"
+      - "./app/spring-form-safe.war:/usr/local/tomcat/webapps/spring-form.war"

spring/spring4shell/docker-compose.yml

@@ -0,0 +1,9 @@
+name: spring4shell-testbed-vulnerable
+services:
+  app:
+    image: tomcat:9.0.60-jre11-openjdk-slim-buster
+    ports:
+      - "8080:8080"
+    volumes:
+      - "./app/index.html:/usr/local/tomcat/webapps/ROOT/index.html"
+      - "./app/spring-form-vuln.war:/usr/local/tomcat/webapps/spring-form.war"