Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-22947 PoC — VMware Spring Cloud Gateway 代码注入漏洞

Source
https://github.com/Zh0um1/CVE-2022-22947
Associated Vulnerability
Title:VMware Spring Cloud Gateway 代码注入漏洞 (CVE-2022-22947)
Description:In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Description
CVE-2022-22947注入哥斯拉内存马
Readme
### 简介

通过 CVE-2022-22947 注入哥斯拉内存马,由于找到的几个工具都没有代理功能,就自己造了个轮子

### 使用方式

```bash
main -u http://127.0.0.1:8080
```

使用代理

```
main -u http://127.0.0.1:8080 -p http://10.0.0.1:8080
```

![image-20230207103950063](images/image-20230207103950063.png)

![image-20230207104022941](images/image-20230207104022941.png)

![image-20230207104606870](images/image-20230207104606870.png)

### 参考

https://blog.wanghw.cn/tech-share/cve-2022-22947-inject-godzilla-memshell.html
File Snapshot

 [4.0K]  /data/pocs/0bdc8bb4364f1d8fa33fcbbd6721036ad122c20b
├── [  31]  go.mod
├── [   0]  go.sum
├── [4.0K]  images
│   ├── [ 21K]  image-20230207103950063.png
│   ├── [ 14K]  image-20230207104022941.png
│   └── [ 26K]  image-20230207104606870.png
├── [ 14K]  main.go
└── [ 558]  README.md

1 directory, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →