Exploit for Server-Side Request Forgery in Apache Batik CVE-2022-40146

Name: Exploit for Server-Side Request Forgery in Apache Batik CVE-2022-40146
Rating: 5 (500 reviews)

2022-11-01 | CVSS 5.0

## https://sploitus.com/exploit?id=5D9EABE3-971E-5747-9FD9-1B43A555CBF3
# Apache Batik SSRF to RCE Jar Exploit

## Component link

https://github.com/apache/xmlgraphics-batik

## Blog

https://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading

## Usage 

- Modify the line 11 in src/main/java/com.poc.Poc.java to change the command.
- Run `mvn clean package`
- Exploit can be found in target/

Then you need to navigate to the [Poc/](Poc) to use this exploit jar.

### Poc contains:

- SSRF
- RCE via jar
- RCE via ecmascript