# CVE-2022-22963
CVE-2022-22963 PoC 

Slight modified for English translation and detection of . By default whoami is executed on the target and a file vulnerable.txt is created with the URLs that are vulnerable.

Exploiting the vulnerability is quite easy to accomplish. Here is reported the curl command to exploit the vulnerability.

curl -i -s -k -X $'POST' -H $'Host:' -H $'\"touch /tmp/test")' --data-binary $'exploit_poc' $''

With this curl it’s trivial to create a file on the operating system but it could be used to open a reverse shell on the vulnerable host or container.

If you’re impacted by CVE-2022-22963, you should update the application to the newest versions 3.1.7 & 3.2.3.

# More information at,