CVE-2022-22947 PoC — VMware Spring Cloud Gateway Code Injection Vulnerability

Source
Associated Vulnerability
Title: VMware Spring Cloud Gateway Code Injection Vulnerability (CVE-2022-22947)
Description: In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Description
Batch URL detection for Spring-Cloud-Gateway CVE-2022-22947
Readme
# CVE-2022-22947-Rce_POC
Batch URL detection for Spring-Cloud-Gateway CVE-2022-22947

# Usage
```py Spring-Cloud-Gateway.py UrlsPath```

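After it runs, a gateway.log file is generated, in which "+", "-" and "*" indicate that the vulnerability is present, that it is not present, and that the request failed, respectively.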

<img width="639" alt="1" src="https://user-images.githubusercontent.com/57057346/156787696-36f97ce7-1241-4111-a837-7388768e39ca.png">

<img width="373" alt="2" src="https://user-images.githubusercontent.com/57057346/156787757-09fefe08-2a40-49a8-b03f-3f4c609fe0fd.png">

<img width="800" alt="passwd" src="https://user-images.githubusercontent.com/57057346/156787625-9d89bcb1-19a0-419e-b7f2-b3516d15d6ca.png">
File Snapshot

[4.0K] /data/pocs/f59e5bf620ca299337b849d98565ffa493821ebc
├── [135K] 1.png
├── [ 37K] 2.png
├── [ 95K] passwd.png
├── [ 659] README.md
├── [3.9K] Spring-Cloud-Gateway.py
└── [ 1] urls.txt

0 directories, 6 files