CVE-2022-33980 PoC — Apache Commons Configuration Code Injection Vulnerability

Associated Vulnerability
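Title: Apache Commons Configuration Code Injection Vulnerability (CVE-2022-33980)
Description: Apache Commons Configuration is a generic configuration interface from the Apache Software Foundation (USA), used mainly to let Java applications read configuration data from a variety of sources. Apache Commons versions 2.4 to 2.7 contain a code injection vulnerability. It arises because Apache Commons Configuration performs variable interpolation, which allows properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate the instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation.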
File Snapshot

[4.0K] /data/pocs/897900f7e7deabc324cc46cef1d908d3f987299f
├── [ 775] Dockerfile
├── [1.6K] pom.xml
└── [4.0K] src
    └── [4.0K] main
        └── [4.0K] java
            └── [4.0K] org
                └── [4.0K] example
                    └── [4.0K] start
                        ├── [1.1K] ShellPOC.java
                        └── [ 296] Start.java

6 directories, 4 files