Replies: 1 comment 1 reply
-
Hi @alexvelickiy I can see in the case of nuclei template - CVE-2022-22965 it make use of different payload to initiate DNS interaction instead of file write like in the case of Metasploit module which requires or depends on |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Template Information:
The Metasploit module for CVE-2022-22965 allows users to rewrite default value (webapps/ROOT) of
class.module.classLoader.resources.context.parent.pipeline.first.directory
parameter (PAYLOAD_PATH Metasploit option).https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/multi/http/spring_framework_rce_spring4shell.md
I don't know it there are cases when default value doesn't work. But if any, should the '--app-path' parameter be added to the template?
Nuclei Template:
Beta Was this translation helpful? Give feedback.
All reactions