CVE-2022-22947

This exploit leverages CVE-2022-22947 in Spring Cloud Gateway to achieve remote code execution via SpEL injection in the actuator endpoint. It deploys a malicious route, executes a command, and retrieves the output.

This repository contains a Python-based proof-of-concept exploit for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The exploit leverages the Gateway Actuator endpoint to inject malicious SpEL expressions, executing arbitrary commands (e.g., 'id') on vulnerable systems.

This PoC demonstrates a memory shell injection for CVE-2022-22947, leveraging Spring Cloud Gateway's vulnerability to register a malicious handler method. It includes encryption/decryption and dynamic class loading to execute arbitrary commands.

This is a functional exploit for CVE-2022-22947, targeting Spring Cloud Gateway. It leverages the actuator endpoint to inject a malicious route configuration, enabling remote code execution via SpEL injection.

This repository contains a functional exploit for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The exploit leverages SpEL injection to execute arbitrary commands on vulnerable systems.

This PoC exploits CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, to execute arbitrary commands and inject a Godzilla memory shell. The exploit leverages the Actuator API to achieve remote code execution.

This is a functional exploit for CVE-2022-22947, targeting Spring Cloud Gateway versions < 3.0.7 and < 3.1.1. It leverages SpEL injection via the Gateway Actuator endpoint to achieve remote code execution (RCE).

This is a functional exploit for CVE-2022-22947, a Spring Cloud Gateway RCE vulnerability. It allows arbitrary command execution or reverse shell via malicious actuator endpoint manipulation.

The repository contains only a README with minimal details about a Spring Cloud Gateway RCE exploit, lacking actual exploit code or technical specifics. The author mentions a tool but provides no implementation or usage details beyond a placeholder image reference.

This repository contains a Go-based exploit for CVE-2022-22947, which injects a Godzilla memory shell into a vulnerable Spring Cloud Gateway server. The exploit supports proxy functionality and leverages SpEL injection to achieve remote code execution.

This repository contains a Python script that exploits CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, to inject in-memory webshells (Netty and Spring-based). The script sends a crafted request to the target server to achieve remote code execution.

This repository contains a proof-of-concept exploit for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The exploit leverages SpEL injection in dynamically added routes via the Gateway Actuator endpoint to achieve arbitrary command execution.

The repository contains minimal Spring Boot configuration files for a Nacos Discovery client but lacks exploit code or PoC logic for CVE-2022-22947. No offensive techniques or vulnerability triggers are present.

This is a functional exploit for CVE-2022-22947, targeting Spring Cloud Gateway's SpEL injection vulnerability via the Actuator endpoint. It allows arbitrary command execution and includes a reverse shell feature.

This repository contains a functional Python-based exploit for CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway. The exploit leverages the Actuator API to execute arbitrary commands via crafted payloads, supporting both Linux and Windows targets.

This is a functional exploit PoC for CVE-2022-22947, targeting Spring Cloud Gateway. It leverages SpEL injection to achieve remote code execution by manipulating the gateway's route configuration via the actuator endpoint.

This repository provides a detailed proof-of-concept for CVE-2022-22947, a Spring Cloud Gateway SpEL injection vulnerability leading to remote code execution. It includes environment setup instructions, exploit analysis, and payload examples for both non-echo and echo-based exploitation chains.

This repository provides a functional proof-of-concept for CVE-2022-22947, demonstrating SpEL code injection in Spring Cloud Gateway Actuator API. The exploit leverages malicious SpEL expressions to achieve remote code execution (RCE) by executing arbitrary commands (e.g., `id`).

This repository contains a README describing CVE-2022-22947, a code injection vulnerability in Spring Cloud Gateway. No exploit code or technical details are provided in the snippet.

This repository contains a Python script that exploits CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The script checks for vulnerable endpoints and executes a payload to run arbitrary commands (e.g., 'id') via SpEL injection.

This is a Python-based exploit for CVE-2022-22947, a Spring Framework RCE vulnerability. It leverages deserialization via a crafted payload to achieve remote code execution.

This repository contains a functional exploit for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The exploit leverages the Actuator endpoint to inject and execute arbitrary commands via a crafted payload.

This repository contains a Python-based exploit for CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway. The exploit allows remote command execution by crafting malicious requests to the actuator API.

This repository contains a Python-based PoC for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The script tests multiple URLs for the vulnerability by sending a crafted payload to the actuator endpoint, which executes arbitrary commands via SpEL injection.

This is a functional exploit for CVE-2022-22947, a Spring Cloud Gateway RCE vulnerability. It leverages SpEL injection via the actuator endpoint to execute arbitrary commands on the target system.

This repository contains a Go-based exploit for CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway. The PoC automates the detection and exploitation of the flaw by sending crafted HTTP requests to execute arbitrary commands (e.g., 'id') via the Actuator API.

This Go-based exploit leverages CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, to execute arbitrary commands via malicious route configurations. It interacts with the Actuator API to create, refresh, and delete routes, extracting command output from responses.

This repository contains a working PoC for CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway. The exploit leverages the Actuator API to create a malicious route, refresh the configuration, and trigger arbitrary command execution via a crafted SpEL expression.

This PoC exploits CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, to achieve remote code execution. It includes functions for direct command execution and a reverse shell payload.

This repository contains a functional proof-of-concept exploit for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The exploit leverages SpEL injection via the Actuator endpoint to execute arbitrary commands, including reverse shells.

This is a functional PoC for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. It exploits the actuator endpoint to inject a SpEL expression that executes arbitrary commands (e.g., 'id') via a crafted JSON payload.

This PoC exploits CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, by sending crafted JSON payloads to trigger DNS lookups via `InetAddress.getByName()`. It uses a DNS log service to confirm successful exploitation.

This PoC exploits CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, allowing remote command execution via malicious route configuration. It demonstrates the full attack chain: route creation, refresh, and cleanup.

This repository contains a Burp Suite extension designed to scan for CVE-2022-22947, a Spring Cloud Gateway vulnerability. The extension intercepts HTTP responses and checks for indicators of the vulnerability by sending crafted requests and analyzing responses.

This repository contains a functional exploit for CVE-2022-22947, targeting Spring Cloud Gateway. It includes command execution, reverse shell capabilities via /dev/tcp and Java-based payloads, and network egress testing.

This Go-based PoC exploits CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway's Actuator endpoint. It sends a series of HTTP requests to create a malicious route, execute a command via SpEL injection, and retrieve the output.

This repository provides a working proof-of-concept for CVE-2022-22947, a Spring Cloud Gateway RCE vulnerability. It includes a Spring Boot application demonstrating the vulnerable setup and routes.

This PoC exploits CVE-2022-22947, a Spring Cloud Gateway SpEL injection vulnerability, to achieve remote code execution (RCE). It allows command execution or reverse shell establishment via crafted payloads sent to the actuator endpoint.

This repository contains a working PoC for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The exploit leverages SpEL injection via the actuator endpoint to execute arbitrary commands.

This repository contains a working exploit for CVE-2022-22947, a Spring Cloud Gateway RCE vulnerability. The exploit injects a memory shell via malicious route configuration and includes a reverse shell payload.

The repository contains minimal Spring Boot application code but lacks any exploit implementation or demonstration of CVE-2022-22947. No offensive techniques or vulnerability-specific logic are present.

This PoC exploits CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, by adding a malicious route with a SpEL expression that executes the 'id' command. It then triggers the route and retrieves the command output from the response headers.

This is a functional exploit for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The PoC leverages the actuator endpoint to create a malicious route with a SpEL injection payload, enabling arbitrary command execution.

This is a functional PoC for CVE-2022-22947, a Spring Cloud Gateway SpEL RCE vulnerability. It injects a malicious route, refreshes the gateway, and retrieves command execution output via response headers.

The repository contains only a README.md file with basic information about CVE-2022-22947, including affected versions and a placeholder for execution instructions. No actual exploit code or technical details are provided.

The repository contains only a minimal README with no exploit code or technical details. It appears to be a placeholder or stub with no substantive content related to CVE-2022-22947.

This repository contains a proof-of-concept exploit for CVE-2022-22947, a vulnerability in Spring Cloud Gateway. The exploit demonstrates how an attacker can bypass security controls to achieve remote code execution (RCE) by leveraging improper input validation.

This repository contains a functional PoC for CVE-2022-22947, demonstrating RCE in Spring Cloud Gateway via SpEL injection through Actuator endpoints. The exploit leverages dynamic route addition with malicious SpEL expressions to execute arbitrary commands.

This is a functional exploit for CVE-2022-22947, a code injection vulnerability in Spring Cloud Gateway. It leverages SpEL injection to execute arbitrary commands via the gateway's actuator endpoints.

This repository contains a GUI-based exploit tool for CVE-2022-22947 (Spring Cloud Gateway RCE), supporting detection, command execution, reverse shell, and memory shell injection. It also includes exploits for CVE-2022-22963 and CVE-2022-22965.

This repository contains a detailed proof-of-concept for CVE-2022-22947, a critical SpEL injection vulnerability in Spring Cloud Gateway. The exploit leverages the Actuator API to execute arbitrary commands via a crafted JSON payload, leading to remote code execution.

This repository contains two Python scripts exploiting CVE-2022-22947, a Spring Cloud Gateway RCE vulnerability. The first script injects a memory shell, while the second establishes a reverse shell. Both leverage SpEL injection via the gateway's actuator endpoints.

The repository contains only Docker Compose files for setting up vulnerable and non-vulnerable environments for CVE-2022-22947 but lacks actual exploit code or technical details. It serves as a minimal placeholder for testing the vulnerability.

This PoC exploits CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, to achieve remote code execution (RCE) via malicious route configuration. It automates the process of adding a route, refreshing the gateway, retrieving command output, and cleaning up.

This is a functional exploit for CVE-2022-22947, a SpEL (Spring Expression Language) code injection vulnerability in Spring Cloud Gateway. It leverages the Actuator API to execute arbitrary commands by crafting malicious payloads in the route configuration.

This is a functional PoC for CVE-2022-22947, a Spring Cloud Gateway RCE vulnerability. It exploits SpEL injection via the actuator endpoint to execute arbitrary commands (default: 'id') and includes routines for route refresh, command output retrieval, and cleanup.

The repository contains only a README file mentioning CVE-2022-22947 and a reference to a 'goby' PoC, but no actual exploit code or technical details are provided.

This PoC exploits CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, to achieve remote code execution (RCE) by injecting a malicious SpEL expression into the gateway route configuration. The exploit sends crafted HTTP requests to execute arbitrary commands (e.g., 'time') via the Spring Expression Language (SpEL).

This is a functional PoC for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. It exploits SpEL injection via the gateway actuator endpoints to execute arbitrary commands.

This PoC exploits CVE-2022-22947, a SpEL injection vulnerability in Spring Cloud Gateway, to achieve remote code execution (RCE) via crafted actuator endpoint requests. The exploit constructs a malicious route configuration that executes arbitrary commands through Java's Runtime.exec.

This repository contains detailed technical writeups for multiple vulnerabilities, including SQL injection, file read, and deserialization flaws. Each writeup includes vulnerability descriptions, environment setup, and exploitation steps, demonstrating a deep understanding of the vulnerabilities.

This repository contains a graphical tool for exploiting CVE-2022-22947 (Spring Cloud Gateway RCE) and CVE-2022-22963 (Spring Cloud Function SpEL RCE). It includes functional exploit code and detailed PoC requests for both vulnerabilities.

This repository contains a functional exploit for CVE-2022-22947, a remote code execution vulnerability in Spring Cloud Gateway. The exploit leverages the actuator endpoint to inject and execute arbitrary commands via a crafted SpEL expression.

This repository contains a functional exploit for CVE-2022-22947, a Spring Cloud Gateway vulnerability allowing remote code execution. The provided code includes agent and C2 server components, indicating a complete exploit chain.

This Metasploit module exploits CVE-2022-22947, an unauthenticated RCE in Spring Cloud Gateway via SpEL injection through the Gateway Actuator endpoint. It creates a malicious route, triggers execution via a refresh, and cleans up the route afterward.