NOMISEC-SeanPesce/CVE-2024-22243

NOMISEC WORKING POC
Exploit for CVE-2024-22243 - UriComponentsBuilder - Open Redirect
AI Analysis

This repository contains a functional proof-of-concept demonstrating CVE-2024-22243, a URL-parsing vulnerability in Spring Framework that can lead to open redirect and SSRF due to abnormal handling of the 'userinfo' segment in URLs. The included Java web application provides exploitable endpoints to showcase the vulnerability.

Attack Type: SSRF | auth_bypass
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1189 - Drive-by Compromise; T1204 - User Execution
Download ZIP Password: eip
Source
Platform Nomisec
Type poc
Files 10
Stars 9
Forks 2
Last Push Oct 22, 2024
Vulnerability
CVE-2024-22243
UriComponentsBuilder - Open Redirect
HIGH
CVSS 8.1