Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-22263 PoC — Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Source
https://github.com/securelayer7/CVE-2024-22263_Scanner
Associated Vulnerability
Title:Arbitrary File Write Vulnerability in Spring Cloud Data Flow (CVE-2024-22263)
Description:Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromises the server.
Description
(CVE-2024-22263) Spring Cloud Dataflow Arbitrary File Writing Scanner
Readme
# CVE-2024-22263_Scanner
For Ethical Usage only, Any harmful or malicious activities are not allowed. And it's your own responsibility.

CVE-2024-22263: Spring Cloud Dataflow Arbitrary File Writing


# Usage
```
 ██████╗██╗   ██╗███████╗    ██████╗  ██████╗ ██████╗ ██╗  ██╗      ██████╗ ██████╗ ██████╗  ██████╗ ██████╗ 
██╔════╝██║   ██║██╔════╝    ╚════██╗██╔═████╗╚════██╗██║  ██║      ╚════██╗╚════██╗╚════██╗██╔════╝ ╚════██╗
██║     ██║   ██║█████╗█████╗ █████╔╝██║██╔██║ █████╔╝███████║█████╗ █████╔╝ █████╔╝ █████╔╝███████╗  █████╔╝
██║     ╚██╗ ██╔╝██╔══╝╚════╝██╔═══╝ ████╔╝██║██╔═══╝ ╚════██║╚════╝██╔═══╝ ██╔═══╝ ██╔═══╝ ██╔═══██╗ ╚═══██╗
╚██████╗ ╚████╔╝ ███████╗    ███████╗╚██████╔╝███████╗     ██║      ███████╗███████╗███████╗╚██████╔╝██████╔╝
 ╚═════╝  ╚═══╝  ╚══════╝    ╚══════╝ ╚═════╝ ╚══════╝     ╚═╝      ╚══════╝╚══════╝╚══════╝ ╚═════╝ ╚═════╝ 
                                                                                                             
                                        By: SecureLayer7 (Zeyad Azima)
                            https://github.com/securelayer7/CVE-2024-22263_Scanner
    


usage: CVE-2024-22263.py [-h] [-t TARGET] [-p PORT] [-r REPONAME] [-n PACKAGENAME] [-v VERSION] [-f FILE]

Upload a package to the server.

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        The target to scan (e.g., http://192.168.1.1).
  -p PORT, --port PORT  The port on the target (default: 80).
  -r REPONAME, --repoName REPONAME
                        The repository name (default: local).
  -n PACKAGENAME, --packageName PACKAGENAME
                        The name of the package (default: ../../../poc).
  -v VERSION, --version VERSION
                        The version of the package (default: 1.0.0).
  -f FILE, --file FILE  A file containing a list of targets to scan in the format "http://target,port".
```

## **Options**

- **`-t` or `--target`**: Specify the target server URL (e.g., `http://192.168.1.1`). This option is used when scanning a single target.

- **`-p` or `--port`**: Specify the port on the target server (default: `80`). Use this option to set a specific port for the target server.

- **`-r` or `--repoName`**: Set the repository name where the package will be uploaded (default: `local`).

- **`-n` or `--packageName`**: Set the name of the package (default: `../../../poc`). The package name is the path you want to write the file to..

- **`-v` or `--version`**: Set the version of the package (default: `1.0.0`).

- **`-f` or `--file`**: Specify a file containing a list of targets to scan. Each line in the file should follow the format `http://target,port`. Use this option to scan multiple targets from a file.

## **Scan a Single Target**

To scan a single target with a specific port:

```bash
python3 scanner.py -t http://192.168.1.1 -p 7577
```

## **Scan Multiple Targets from a File**

To scan multiple targets from a file:

```bash
python3 scanner.py -f targets.txt
```

The `targets.txt` file should contain lines in the following format:

```
http://192.168.1.1,7577
http://192.168.1.2,8080
```

## **Custom repository name, package version and package name**

To customize the repository name, package version and package name:
package name is the path you want to write the file to.

```bash
python3 scanner.py -t http://192.168.1.1 -p 7577 -r customRepo -n customPackage -v 2.0.0
```

# Screenshots

![image](https://github.com/user-attachments/assets/e2fc9612-e305-4448-8122-96469983f555)
File Snapshot

 [4.0K]  /data/pocs/222002f95ad04dbdda8e7ce01a4e29ba454b336c
├── [6.5K]  CVE-2024-22263_Scanner.py
└── [4.5K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →