This repository contains a Rust-based exploit for the CVE-2022-22963 vulnerability found in Spring Cloud Function versions 3.1.6, 3.2.2, and older unsupported versions. The vulnerability allows remote code execution and access to local resources through a specially crafted Spring Expression (SpEL) used as a routing-expression.
In Spring Cloud Function versions 3.1.6, 3.2.2, and older unsupported versions, when using routing functionality, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
This exploit allows you to:
1. Test if the Spring Cloud Function is vulnerable
2. Send shellcode for a shell
3. Enter custom commands
Spring Cloud Function 3.1.6
Spring Cloud Function 3.2.2
Older, unsupported versions
Users of affected versions should upgrade to 3.1.7 or 3.2.3. No other steps are necessary. Releases that have fixed this issue include:
Spring Cloud Function 3.1.7
Spring Cloud Function 3.2.3
1. Clone this repository.
2. Ensure you have Rust and Cargo installed.
3. Compile the exploit using cargo build --release.
4. Run the compiled binary found in the target/release directory, providing the target IP address when prompted.
5. Select an option from the menu and follow the instructions.
This vulnerability was initially discovered and responsibly reported by m09u3r.