CVE-2022-22963

This exploit leverages CVE-2022-22963 in Spring Cloud Function to achieve remote command execution via a malicious SpEL expression in the 'spring.cloud.function.routing-expression' header. The PoC sends a crafted POST request to execute arbitrary commands on the target system.

This repository provides a proof-of-concept exploit for CVE-2022-22963, a SpEL (Spring Expression Language) injection vulnerability in Spring Cloud Function. The exploit demonstrates remote code execution (RCE) via malicious SpEL expressions in HTTP headers.

This repository contains a scanner for CVE-2022-22963, a Spring Cloud Function SpEL RCE vulnerability. It checks for vulnerable endpoints by sending a crafted payload and verifying the response.

This repository provides a working proof-of-concept exploit for CVE-2022-22963, a remote code execution vulnerability in Spring Cloud Function. The exploit leverages a malicious SpEL expression in the HTTP request header to execute arbitrary commands on the target system.

This is a functional Python exploit for CVE-2022-22963, targeting Spring Cloud Function's `/functionRouter` endpoint to achieve remote code execution via a malicious SpEL expression. It includes a reverse shell payload triggered after vulnerability confirmation.

This repository provides a Docker-based vulnerable application and a proof-of-concept exploit for CVE-2022-22963, a Spring Cloud Function SpEL injection vulnerability leading to remote code execution (RCE). The PoC demonstrates command injection via a crafted HTTP request.

This repository provides a working proof-of-concept for CVE-2022-22963, a Spring Cloud Function SpEL injection vulnerability leading to remote code execution. It includes a Docker-based setup and example payloads for exploitation.

This repository contains two Python-based PoC exploits for CVE-2022-22963 and CVE-2022-22965, targeting Spring Cloud Function and Spring MVC/WebFlux applications, respectively. Both exploits demonstrate remote code execution (RCE) via SpEL injection and data binding manipulation.

This repository contains a minimal proof-of-concept for CVE-2022-22963, demonstrating remote code execution in Spring Cloud Function via SpEL injection. The exploit leverages a malicious routing expression to execute arbitrary commands on the target system.

This repository contains a Python-based exploit for CVE-2022-22963, a SpEL injection vulnerability in Spring Cloud Function. The exploit allows remote command execution (RCE) by leveraging the 'spring.cloud.function.routing-expression' header to execute arbitrary commands via a crafted payload.

This repository contains a functional exploit for CVE-2022-22963, a SpEL expression injection vulnerability in Spring Cloud Function. The exploit supports DNS out-of-band testing and reverse shell generation for both Linux and Windows targets.

This is a Python-based exploit for CVE-2022-22963, targeting Spring Cloud Function. It leverages the SpEL injection vulnerability to achieve remote code execution by creating a reverse shell script, serving it via an HTTP server, and executing it on the target system.

This is a functional Python PoC for CVE-2022-22963 (Spring4Shell), exploiting a SpEL injection vulnerability in Spring Cloud Function to achieve remote code execution via crafted HTTP headers.

This repository contains a functional exploit for CVE-2022-22963, a SpEL injection vulnerability in Spring Cloud Function. The exploit crafts a malicious routing expression to achieve remote code execution via a reverse shell.

This is a functional exploit for CVE-2022-22963, a Spring Core RCE vulnerability affecting JDK 9+ and Spring Framework. It leverages a malicious request to deploy a JSP webshell for remote command execution.

This repository provides a working proof-of-concept for CVE-2022-22963, a SpEL injection vulnerability in Spring Cloud Function. It includes a Docker setup to replicate the vulnerable environment and demonstrates remote code execution via a crafted HTTP request.

This is a Rust-based exploit for CVE-2022-22963, targeting Spring Cloud Function versions 3.1.6, 3.2.2, and older. It leverages a crafted SpEL expression in the 'spring.cloud.function.routing-expression' header to achieve remote code execution.

This PoC demonstrates CVE-2022-22963, a SpEL injection vulnerability in Spring Cloud Function. The exploit leverages the `spring.cloud.function.routing-expression` header to execute arbitrary commands via SpEL expression injection.

This is a functional exploit PoC for CVE-2022-22963, a Spring Cloud Function SpEL injection vulnerability. It includes both a vulnerability checker and an RCE exploit that triggers a reverse shell via a crafted HTTP request.

This repository contains a scanner for CVE-2022-22963, a SpEL injection vulnerability in Spring Cloud Function. The PoC checks for vulnerability by sending a crafted HTTP request with a malicious SpEL expression in the 'spring.cloud.function.routing-expression' header and verifies the response for a 500 error indicating successful exploitation.

The provided code is a minimal Spring Boot application stub and does not contain any exploit logic for CVE-2022-22963. It lacks the necessary components to demonstrate the vulnerability.

This PoC exploits CVE-2022-22963 in Spring Cloud Function by injecting a SpEL expression via the routing-expression header to achieve remote code execution. It downloads and executes a reverse shell script from an attacker-controlled server.

This is a functional PoC for CVE-2022-22963, a Spring Cloud Function SpEL injection vulnerability. It crafts a malicious SpEL expression to execute a reverse shell payload via curl, targeting vulnerable Spring Cloud Function applications.

This repository contains a functional exploit for CVE-2022-22963, a remote code execution vulnerability in Spring Cloud Function. The exploit uses a crafted HTTP request with a malicious expression in the 'spring.cloud.function.routing-expression' header to execute a reverse shell.

This repository contains a Go-based exploit for CVE-2022-22963, a remote code execution vulnerability in Spring Cloud Function. The exploit sends a malicious SpEL expression via HTTP headers to achieve RCE.

This is a functional Python exploit for CVE-2022-22963, targeting Spring Cloud Function's SpEL injection vulnerability via the /functionRouter endpoint. It includes a reverse shell payload and a netcat listener for post-exploitation.

This repository contains two Python scripts exploiting CVE-2022-22963 (Spring4Shell), a remote code execution vulnerability in Spring Cloud Function. The scripts demonstrate command injection via malicious SpEL expressions and reverse shell techniques.

This repository contains a functional exploit toolkit for multiple Spring Boot vulnerabilities, including CVE-2022-22963. It includes interactive exploit modules, batch scanning capabilities, and external API integrations for asset enumeration.

This Metasploit module exploits a SpEL injection vulnerability in Spring Cloud Function (CVE-2022-22963) to achieve remote code execution via the 'spring.cloud.function.routing-expression' header. It supports both direct command execution and staged payloads for Linux targets.