CVE-2022-22947
Description
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Severity: CRITICAL
CVE ID: CVE-2022-22947
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-22947
Reference: Project Discovery GitHub
lucksec
CVE-2022-22947
Reference: GitHub
scopion
poc for cve-2022-22947
Reference: GitHub
Vulnmachines
Spring cloud gateway code injection: CVE-2022-22947
Reference: GitHub
Axx8
Spring Cloud Gateway remote code execution vulnerability Exp Spring_Cloud_Gateway_RCE_Exp-CVE-2022-22947
Reference: GitHub
crowsec-edtech
Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)
Reference: GitHub
Tas9er
SpringCloudGatewayRCE - CVE-2022-22947 / Code By:Tas9er
Reference: GitHub
Greetdawn
Reference: GitHub
Summer177
Spring Cloud Gateway remote code execution vulnerability
Reference: GitHub
BerMalBerIst
Exp
Reference: GitHub
tangxiaofeng7
CVE-2021-42013 batch
Reference: GitHub
dingxiao77
cve-2022-22947 spring cloud gateway batch scanning script
Reference: GitHub
flying0er
Regularly updated Goby PoCs written along the way, including high-severity EXPs
Reference: GitHub
dbgee
Spring Cloud Gateway Actuator API remote command execution CVE-2022-22947
Reference: GitHub
nu0l
Spring-Cloud-Gateway-CVE-2022-22947
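Reference: GitHub
nanaao
CVE-2022-22947 batch detection script; the echoed command output is not yet parsed with a regex. Use it as is for now, more updates to follow
Reference: GitHub
hunzi0
Batch URL detection for Spring-Cloud-Gateway-CVE-2022-22947
Reference: GitHub
22ke
Reference: GitHub
M0ge
Spring Cloud Gateway remote code execution vulnerability POC; builds on command execution and adds a reverse shell operation
Reference: GitHub
YutuSec
Spring Cloud Gateway Actuator API SpEL expression injection command execution (CVE-2022-22947) batch detection tool
Reference: GitHub
Jun-5heng
SpringCloudGatewayRCE / Code By:Jun_sheng
Reference: GitHub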
darkb1rd
Reference: GitHub
mrknow001
Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)
Reference: GitHub
0x7eTeam
CVE-2022-22947_EXP, CVE-2022-22947_RCE, CVE-2022-22947 reverse shell, CVE-2022-22947 getshell
Reference: GitHub
ba1ma0
Debugging code with breakpoint information included; import it directly to start debugging
Reference: GitHub
Arrnitage
CVE-2022-22947 Exploit script
Reference: GitHub
PaoPaoLong-lab
Reference: GitHub
hh-hunter
cve-2022-22947-docker
Reference: GitHub
k3rwin
spring-cloud-gateway-rce CVE-2022-22947
Reference: GitHub
bysinks
Reference: GitHub
Wrin9
CVE-2022-22947_POC_EXP
Reference: GitHub
viemsr
CVE-2022-22947 memshell
Reference: GitHub
Enokiy
Reference: GitHub
Nathaniel1025
poc for CVE-2022-22947
Reference: GitHub
Vancomycin-g
Reference: GitHub
scopion
Reference: GitHub
sagaryadav8742
Spring Cloud Gateway RCE - CVE-2022-22947
Reference: GitHub
fbion
Spring Cloud Gateway Actuator API SpEL Code Injection.
Reference: GitHub
talentsec
Spring-Cloud-Gateway-CVE-2022-22947
Reference: GitHub
aesm1p
CVE-2022-22947 reproduce
Reference: GitHub
4nNns
Spring-Cloud-Spel-RCE
Reference: GitHub
expzhizhuo
Burp passive scanning plugin; currently covers only CVE-2022-22947
Reference: GitHub
twseptian
Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)
Reference: GitHub
whwlsfb
CVE-2022-22947 Godzilla memory shell injection
Reference: GitHub
0730Nophone
Spring Cloud Gateway Actuator API SpEL expression injection command execution (CVE-2022-22947), injecting a Godzilla memory shell
Reference: GitHub
anansec
A script for single-target or batch verification; can also spawn a reverse shell
Reference: GitHub
Wrong-pixel
Reference: GitHub
stayfoolish777
Batch detection of the Spring Cloud Gateway remote code execution vulnerability Spring_Cloud_Gateway_RCE_POC-CVE-2022-22947
Reference: GitHub
B0rn2d
Exploitation environment for Spring-Cloud-Gateway CVE-2022-22947 under Nacos
Reference: GitHub
kmahyyg
Reference: GitHub
LY613313
Reference: GitHub
SiJiDo
Reference: GitHub
qq87234770
Reference: GitHub
Zh0um1
CVE-2022-22947 Godzilla memory shell injection
Reference: GitHub
Le1a
Spring Cloud Gateway Actuator API SpEL expression injection command execution Exp
Reference: GitHub
Content on GitHub
tpt11fb | watchers:144
SpringVulScan
Spring vulnerability scanning plugin for Burp Suite. SpringVulScan supports detection of: route disclosure | CVE-2022-22965 | CVE-2022-22963 | CVE-2022-22947 | CVE-2016-4977
Reference: GitHub
wjl110 | watchers:11
Spring_CVE_2022_22947
Spring_CVE_2022_22947: high-risk vulnerability CVE in Spring Cloud Gateway, PoC exploit, one-click exploitation, works out of the box
Reference: GitHub