CVE-2022-22947 PoC — VMware Spring Cloud Gateway 代码注入漏洞

Source

https://github.com/stayfoolish777/CVE-2022-22947-POC

Associated Vulnerability

Title:VMware Spring Cloud Gateway 代码注入漏洞 (CVE-2022-22947)
Description:In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Description

批量检测Spring Cloud Gateway 远程代码执行漏洞 Spring_Cloud_Gateway_RCE_POC-CVE-2022-22947

Readme

# Spring-Cloud-Gateway-CVE-2022-22947


Spring Cloud Gateway远程代码执行漏洞的安全公告。该漏洞为当Spring Cloud Gateway启用和暴露 Gateway Actuator 端点时，使用 Spring Cloud Gateway 的应用程序可受到代码注入攻击。攻击者可以发送特制的恶意请求，从而远程执行任意代码。

【受影响版本】

Spring Cloud Gateway < 3.1.1
Spring Cloud Gateway < 3.0.7
Spring Cloud Gateway 旧的、不受支持的版本也会受到影响
【安全版本】

Spring Cloud Gateway >= 3.1.1
Spring Cloud Gateway >= 3.0.7


Spring Cloud Gateway 是基于 Spring Framework 和 Spring Boot 构建的 API 网关，它旨在为微服务架构提供一种简单、有效、统一的 API 路由管理方式。



修复建议
临时修复建议：

如果不需要网关执行器端点，则应通过 management.endpoint.gateway.enabled: false 禁用它。如果需要执行器，则应使用 Spring Security 对其进行保护，请参阅https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints.security。

通用修复建议：

官方已发布安全版本，请及时下载更新，下载地址：https://github.com/spring-cloud/spring-cloud-gateway

## 
通过url进行攻击


使用python3 运行

![image](https://user-images.githubusercontent.com/104476528/172762194-3a8290c9-3a13-4612-9b46-6991f33d53d9.png)


示范

 ![image](https://user-images.githubusercontent.com/104476528/172762289-16b9604a-2f77-4aa9-bb45-5eb873715387.png)



# 本网站所提供的信息，只供参考之用

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!