Share
## https://sploitus.com/exploit?id=37D87439-76C4-560D-9DBC-0BFA2DA08F1D
# CVE-2022-46364 Exploit

Apache CXF SSRF via MTOM XOP:Include | CVSS 9.8 CRITICAL

## Vulnerability

Apache CXF  -s  -d 
```

- `-t, --target` - Vulnerable CXF SOAP endpoint (required)
- `-s, --ssrf-url` - Internal URL to exfiltrate (required)
- `-d, --domain` - Target domain (default: localhost)
- `--plain-soap` - Use plain SOAP instead of MTOM

## Example
```bash
# Read /etc/passwd
python3 exploit.py -t http://target.com:8080/employeeservice -s file:///etc/passwd -d target.com
```

## Attack Flow

1. Attacker sends SOAP request with XOP:Include element
2. CXF server fetches internal URL without validation
3. Response contains Base64-encoded exfiltrated data
4. Exploit decodes and displays content

## Impact

- AWS/GCP/Azure metadata & IAM credentials
- Internal admin panels and APIs
- Database credentials from environment endpoints
- Internal microservice data

## References

- CVE-2022-46364
- CWE-918 (SSRF)
- https://nvd.nist.gov/vuln/detail/CVE-2022-46364
- https://github.com/advisories/GHSA-x3x3-qwjq-8gj4