Highlight: THM | Spring4Shell: CVE-2022-22965 'info' room
In late March 2022, two remote command execution vulnerabilities in the Java Spring framework were made public. The first of these vulnerabilities affects a component of the framework called "Spring Cloud Functions". The second, arguably more serious, vulnerability affects a component in "Spring Core" — the heart of the framework — which significantly increases its potential impact and earned it the name "Spring4Shell" (a play on Log4Shell, the name of a brutal vulnerability disclosed at the end of 2021).
For various reasons, there has been a lot of confusion surrounding these vulnerabilities in the wider infosec community. As such, this room may be updated as new information comes to light. On a similar note, the impact of Spring4Shell is currently unknown; only time will tell how widespread the vulnerability is in the wild.
This room will provide an overview of the Spring4Shell RCE vulnerability in Spring Core, as well as give you an opportunity to exploit it for yourself in the vulnerable machine attached to this task. We will start by taking a look at the vulnerability at a high level, before exploiting the target machine for ourselves. Room: https://tryhackme.com/room/spring4shell
-- Watch live at https://www.twitch.tv/msec