Exploit for Expression Language Injection in Vmware Spring Cloud Function CVE-2022-22963

## https://sploitus.com/exploit?id=7D874F81-FBEE-512F-B206-D7CED2BA80B0
# Exploit-for-CVE-2022-22963

Exploit using curl to get a reverse shell in vulnerable spring cloud environments.

This exploit abuses the functionRouter URI, by injecting code into the `eval` function of the Spring Framework through a post request with a header that gives us Remote Code Execution (RCE). 

<p align="center">
  <img src="images/2023-06-29_01-30.png" width="650" title="Terminal print">
</p>

### Created by

[Henri Vlasic](https://github.com/HenriVlasic)
- [Linkedin](https://www.linkedin.com/in/henri-vlasic/)

[Arthur Valverde](https://github.com/arthurvmbl)
- [Linkedin](https://www.linkedin.com/in/uartuo/)