来源

关联漏洞

介绍

# CVE-2022-22963 Exploit

## Description


In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. more details can be found in the [CVE-2022-22963 Detail](https://nvd.nist.gov/vuln/detail/CVE-2022-22963).

Based on the PoC provided by [AayushmanThapaMagar](https://github.com/AayushmanThapaMagar/CVE-2022-22963), I am creating a simple exploit of this vulnerability to get a reverse shell from the vulnerable server.

The porpuse of this project is to make it easier to test the vulnerability and to learn how to exploit it. I will add more details about the reason behind this vulnerability later.
## Requirements

To run this exploit, you only need docker.

## Usage



Clone the repository and run the following command:

```bash
docker-compose up -d
```

This will start two containers, one with the vulnerable server and the other with the attacker machine.

Now you can run the exploit:

### Linux

In Linux, you can run the exploit with the following command:

```bash
./run.sh
```
> Note: you may need sudo to run the commands above.

### Windows

........

## Stop the containers

To stop the containers, run the following command:

```bash
docker-compose down
```

文件快照

 [4.0K]  /data/pocs/98f537932576700126b4fa3500ccd06a8cb24a28
├── [4.0K]  attacker
│   ├── [ 163]  Dockerfile
│   └── [1.7K]  exploit.py
├── [ 360]  docker-compose.yaml
├── [1.4K]  README.md
├── [ 349]  run.sh
└── [4.0K]  server
    └── [ 665]  Dockerfile

2 directories, 6 files

备注