
CVE-2022-31692 PoC — VMware Spring Security security vulnerability

Source
Associated Vulnerability
Title: VMware Spring Security security vulnerability (CVE-2022-31692)
Description: Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9, could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true:
1. The application expects that Spring Security applies security to forward and include dispatcher types.
2. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method.
3. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include).
4. The application may forward or include the request to a higher privilege-secured endpoint.
5. The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true).
Description
Demonstration of CVE-2022-31692 authorization bypass in Spring Security
Readme
# CVE-2022-31692
A demonstration of a Spring Security authorization bypass.

See [CVE-2022-31692 Spring Security Authorization bypass](https://www.dontpanicblog.co.uk/2023/11/20/cve-2022-31692-spring-security-authorization-bypass/) on Don't Panic!
File Snapshot

```text
[4.0K] /data/pocs/369a921061dccafbc6ef5b35bb4ab0c09a2c89fb
├── [1.1K] LICENSE
├── [2.6K] pom.xml
├── [ 247] README.md
└── [4.0K] src
    ├── [4.0K] main
    │   ├── [4.0K] java
    │   │   └── [4.0K] org
    │   │       └── [4.0K] dontpanic
    │   │           └── [4.0K] cve202231692
    │   │               ├── [ 331] Cve202231692Application.java
    │   │               ├── [ 303] ForwardController.java
    │   │               └── [1.4K] WebSecurityConfig.java
    │   └── [4.0K] resources
    │       ├── [  82] application.properties
    │       └── [4.0K] static
    │           ├── [ 182] accessDenied.html
    │           ├── [ 317] index.html
    │           └── [ 231] restricted.html
    └── [4.0K] test
        └── [4.0K] java
            └── [4.0K] org
                └── [4.0K] dontpanic
                    └── [4.0K] cve202231692
                        └── [ 224] Cve202231692ApplicationTests.java

13 directories, 11 files
```