CVE-2022-22963 PoC — Spring Framework Code Injection Vulnerability

Source
Associated Vulnerability
Title: Spring Framework Code Injection Vulnerability (CVE-2022-22963)
Description: In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Description
An exploit for the CVE-2022-22963 (Spring Cloud Function Vulnerability)
Readme
# Exploit-for-CVE-2022-22963

Exploit using curl to get a reverse shell in vulnerable Spring Cloud environments.

This exploit abuses the functionRouter URI by injecting code into the `eval` function of the Spring Framework through a POST request with a header, which gives us Remote Code Execution (RCE).

<p align="center">
  <img src="images/2023-06-29_01-30.png" width="650" title="Terminal print">
</p>

### Created by

[Henri Vlasic](https://github.com/HenriVlasic)
- [Linkedin](https://www.linkedin.com/in/henri-vlasic/)

[Arthur Valverde](https://github.com/arthurvmbl)
- [Linkedin](https://www.linkedin.com/in/uartuo/)
File Snapshot

[4.0K] /data/pocs/156bacdffcc4c71a2a61cd7681d1bae449db91ee
├── [4.0K] images
│   └── [577K] 2023-06-29_01-30.png
├── [ 628] README.md
└── [1.1K] spring-injection.sh

1 directory, 3 files