Exploit for Expression Language Injection in Vmware Spring Cloud Gateway CVE-2022-22947

Name: Exploit for Expression Language Injection in Vmware Spring Cloud Gateway CVE-2022-22947
Rating: 5 (366 reviews)

2022-05-16 | CVSS 6.8

## https://sploitus.com/exploit?id=1C1E0F3C-2472-5BC6-A967-B71B63F51BE9
# CVE-2022-22947
Spring Cloud Gateway Actuator API SpEL表达式注入命令执行（CVE-2022-22947） 注入哥斯拉内存马



默认key pass base64



注:代码没有清除路由部分自行清除下。。




测试环境：https://github.com/vulhub/vulhub/blob/master/spring/CVE-2022-22947/README.zh-cn.md


内存马class https://github.com/whwlsfb/cve-2022-22947-godzilla-memshell