mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-26 13:37:50 +02:00
0xMarcio
10 KiB
10 KiB
CVE-2022-22963
&color=brightgreen)
Description
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
POC
Reference
- http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Github
- https://github.com/0x7n6/OSCP
- https://github.com/0x801453/SpringbootGuiExploit
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xsyr0/OSCP
- https://github.com/12442RF/NpocTemplate
- https://github.com/13exp/SpringBoot-Scan-GUI
- https://github.com/189569400/Meppo
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/24-2021/fscan-POC
- https://github.com/2lambda123/SBSCAN
- https://github.com/2lambda123/spring4shell-scan
- https://github.com/9xN/SpringCore-0day
- https://github.com/ADP-Dynatrace/dt-appsec-powerup
- https://github.com/AMatheusFeitosaM/OSCP-Cheat
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AabyssZG/SpringBoot-Scan
- https://github.com/AayushmanThapaMagar/CVE-2022-22963
- https://github.com/Agilevatester/SpringSecurity
- https://github.com/Agilevatester/SpringSecurityV1
- https://github.com/Anogota/Inject
- https://github.com/AtiqMar1/telstra-security-operations-scenario
- https://github.com/BBD-YZZ/GUI-TOOLS
- https://github.com/BearClaw96/CVE-2022-22963-Poc-Bearcules
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CognizantOneDevOps/Insights
- https://github.com/Drajoncr/AttackWebFrameworkTools
- https://github.com/EnriqueSanchezdelVillar/NotesHck
- https://github.com/Faizan-Khanx/OSCP
- https://github.com/G01d3nW01f/CVE-2022-22963
- https://github.com/GhostTroops/TOP
- https://github.com/GuayoyoCyber/CVE-2022-22965
- https://github.com/HackJava/HackSpring
- https://github.com/HackJava/Spring
- https://github.com/HenriV-V/Exploit-for-CVE-2022-22963
- https://github.com/HenriVlasic/Exploit-for-CVE-2022-22963
- https://github.com/HimmelAward/Goby_POC
- https://github.com/J0ey17/CVE-2022-22963_Reverse-Shell-Exploit
- https://github.com/JERRY123S/all-poc
- https://github.com/JosephJMRG/apache-docker-project
- https://github.com/Ki11i0n4ir3/CVE-2022-22963
- https://github.com/Kirill89/CVE-2022-22963-PoC
- https://github.com/Ljw1114/SpringFramework-Vul
- https://github.com/Ly0nt4r/OSCP
- https://github.com/MInggongK/SpringbootGuiExploit
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Mustafa1986/CVE-2022-22963
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Pear1y/Vuln-Env
- https://github.com/Pear1y/VulnEnv
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/Qualys/spring4scanwin
- https://github.com/RanDengShiFu/CVE-2022-22963
- https://github.com/ReflectedThanatos/OSCP-cheatsheet
- https://github.com/SYRTI/POC_to_review
- https://github.com/SantoriuHen/NotesHck
- https://github.com/SealPaPaPa/SpringCloudFunction-Research
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/Shayz614/CVE-2022-22963
- https://github.com/SirElmard/ethical_hacking
- https://github.com/SnailDev/github-hot-hub
- https://github.com/SourM1lk/CVE-2022-22963-Exploit
- https://github.com/SummerSec/SpringExploit
- https://github.com/Threekiii/Awesome-Exploit
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Awesome-Redteam
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Trendyol/AppSec-Presentations
- https://github.com/VishuGahlyan/OSCP
- https://github.com/W3BZT3R/Inject
- https://github.com/WhooAmii/POC_to_review
- https://github.com/Whoopsunix/PPPVULNS
- https://github.com/WingsSec/Meppo
- https://github.com/WuliRuler/SBSCAN
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/XuCcc/VulEnv
- https://github.com/Xx-otaku/SpringScan
- https://github.com/Z0fhack/Goby_POC
- https://github.com/angui0O/Awesome-Redteam
- https://github.com/ax1sX/SpringSecurity
- https://github.com/axingde/Spring-Cloud-Function-Spel
- https://github.com/axingde/spring-cloud-function-spel
- https://github.com/badigervijay/AI-Based-Threat-Intelligence-Platform
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/chaosec2021/fscan-POC
- https://github.com/charis3306/CVE-2022-22963
- https://github.com/charonlight/SpringExploitGUI
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/cyberkartik/CVE
- https://github.com/czz1233/fscan
- https://github.com/darryk10/CVE-2022-22963
- https://github.com/dinosn/CVE-2022-22963
- https://github.com/dotnes/spring4shell
- https://github.com/dr6817/CVE-2022-22963
- https://github.com/dravenww/curated-article
- https://github.com/dtact/spring4shell-scanner
- https://github.com/e-hakson/OSCP
- https://github.com/edsonjt81/spring4shell-scan
- https://github.com/eljosep/OSCP-Guide
- https://github.com/encodedguy/oneliners
- https://github.com/exfilt/CheatSheet
- https://github.com/exploitbin/CVE-2022-22963-Spring-Core-RCE
- https://github.com/fazilbaig1/oscp
- https://github.com/fullhunt/spring4shell-scan
- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
- https://github.com/gunh0/kr-vulhub
- https://github.com/gunzf0x/CVE-2022-22963
- https://github.com/hktalent/TOP
- https://github.com/hktalent/spring-spel-0day-poc
- https://github.com/iliass-dahman/CVE-2022-22963-POC
- https://github.com/irgoncalves/f5-waf-enforce-sig-Spring4Shell
- https://github.com/jbmihoub/all-poc
- https://github.com/jitmondal1/OSCP
- https://github.com/jojosec/SPeL-injection-study
- https://github.com/jorgectf/spring-cloud-function-spel
- https://github.com/jrbH4CK/CVE-2022-22963
- https://github.com/jschauma/check-springshell
- https://github.com/justmumu/SpringShell
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/k3rwin/spring-cloud-function-rce
- https://github.com/karimhabush/cyberowl
- https://github.com/kaydenlsr/Awesome-Redteam
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/kh4sh3i/Spring-CVE
- https://github.com/khulnasoft-lab/awesome-security
- https://github.com/khulnasoft-labs/awesome-security
- https://github.com/killvxk/Awesome-Exploit
- https://github.com/langu-xyz/JavaVulnMap
- https://github.com/lemmyz4n3771/CVE-2022-22963-PoC
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lonnyzhang423/github-hot-hub
- https://github.com/mamba-2021/fscan-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/me2nuk/CVE-2022-22963
- https://github.com/mebibite/springhound
- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0
- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
- https://github.com/metaStor/SpringScan
- https://github.com/murchie85/twitterCyberMonitor
- https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities
- https://github.com/nBp1Ng/SpringFramework-Vul
- https://github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nullx3d/PaypScan
- https://github.com/onewinner/VulToolsKit
- https://github.com/onurgule/S4S-Scanner
- https://github.com/oscpname/OSCP_cheat
- https://github.com/parth45/cheatsheet
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/peiqiF4ck/WebFrameworkTools-5.5
- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
- https://github.com/puckiestyle/CVE-2022-22963
- https://github.com/radiusmethod/awesome-gists
- https://github.com/randallbanner/Spring-Cloud-Function-Vulnerability-CVE-2022-22963-RCE
- https://github.com/revanmalang/OSCP
- https://github.com/savior-only/Spring_All_Reachable
- https://github.com/shengshengli/AttackWebFrameworkTools-5.0
- https://github.com/shengshengli/fscan-POC
- https://github.com/sinjap/spring4shell
- https://github.com/sspsec/Scan-Spring-GO
- https://github.com/stevemats/Spring0DayCoreExploit
- https://github.com/sule01u/SBSCAN
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/thenurhabib/s4sScanner
- https://github.com/thomasvincent/Spring4Shell-resources
- https://github.com/thomasvincent/spring-shell-resources
- https://github.com/thomasvincent/springshell
- https://github.com/tpt11fb/SpringVulScan
- https://github.com/trhacknon/CVE-2022-22963
- https://github.com/trhacknon/Pocingit
- https://github.com/tweedge/springcore-0day-en
- https://github.com/twseptian/cve-2022-22963
- https://github.com/txuswashere/OSCP
- https://github.com/wcoreiron/Sentinel_Analtic_Rules
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/west-wind/Spring4Shell-Detection
- https://github.com/west-wind/Threat-Hunting-With-Splunk
- https://github.com/whoforget/CVE-POC
- https://github.com/x00tex/hackTheBox
- https://github.com/xhref/OSCP
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
- https://github.com/zjr-g/SpringDetector