Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-22963 PoC — Spring Framework 代码注入漏洞

Source
https://github.com/randallbanner/Spring-Cloud-Function-Vulnerability-CVE-2022-22963-RCE
Associated Vulnerability
Title:Spring Framework 代码注入漏洞 (CVE-2022-22963)
Description:In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Readme
# Spring Cloud Function Vulnerability (CVE-2022-22963) RCE
This is a python implemetation of Spring4Shell, CVE-2022-22963, 
affecting services running Spring Cloud Function <=3.1.6 (for 3.1.x) 
and <=3.2.2 (for 3.2.x)

Combination of multiple POCs online

Author: Randall Banner

Date: 17/04/23

Description:
Script creates shell.sh in current directory, with a simple bash reverse shell
one-liner. Then starts a webserver to serve it to the victim via wget (output in 
/dev/shm folder), next it makes shell.sh executable and finally runs it.

Don't forget to start Netcat before running script!
File Snapshot

 [4.0K]  /data/pocs/da316bb361b82f130a0b2a95bb2035575203bf52
├── [ 596]  README.md
└── [4.1K]  spring-cloud-rce.py

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →