CVE-2022-33980 PoC — Apache Commons Configuration 代码注入漏洞

Source

https://github.com/tangxiaofeng7/CVE-2022-33980-Apache-Commons-Configuration-RCE

Associated Vulnerability

Title:Apache Commons Configuration 代码注入漏洞 (CVE-2022-33980)
Description:Apache Commons Configuration是美国阿帕奇（Apache）基金会的一款通用的配置接口，它主要用于使Java应用程序从多种来源读取配置数据。 Apache Commons 2.4至2.7版本存在代码注入漏洞，该漏洞源于Apache Commons配置执行变量插值，允许动态评估和扩展属性。插值的标准格式是"${prefix:name}"，其中 "prefix "用于定位执行插值的org.apache.commons.configuration2.interpol.Lookup的实例。

Description

CVE-2022-33980 Apache Commons Configuration 远程命令执行漏洞

Readme

# CVE-2022-33980-Apache-Commons-Configuration-RCE

![img.png](img.png)

File Snapshot


 [4.0K]  /data/pocs/10a07047691d0bd495f9794dc7a955d32429ed8e
├── [180K]  img.png
├── [1.1K]  pom.xml
├── [  70]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            └── [4.0K]  com
                └── [4.0K]  txf
                    └── [ 844]  main.java

5 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!