CVE-2022-22980

This repository contains a functional PoC for CVE-2022-22980, demonstrating SpEL injection in Spring Data MongoDB. The exploit leverages a malicious query to execute arbitrary code (e.g., launching 'calc') via the `findByFirstName` method.

This repository provides a working proof-of-concept for CVE-2022-22980, a SpEL injection vulnerability in Spring Data MongoDB. The exploit demonstrates remote code execution by injecting a malicious SpEL expression into the 'id' parameter, which is then evaluated by the application.

This repository provides a Spring Boot application demonstrating CVE-2022-22980, a SpEL injection vulnerability in Spring Data MongoDB. The `UserRepository` uses a vulnerable `@Query` annotation with SpEL expression, allowing arbitrary code execution when exploited via the `/test` endpoint.

This repository contains a working PoC for CVE-2022-22980, a SpEL injection vulnerability in Spring Data MongoDB. The exploit demonstrates remote code execution via a crafted HTTP request to the `/v1/user/get` endpoint.

This repository provides a description and video PoC for CVE-2022-22980, a SpEL injection vulnerability in Spring Data MongoDB. The vulnerability allows remote code execution when using @Query or @Aggregation-annotated methods with unsanitized input.

This repository contains a detailed writeup about CVE-2022-22980, a SpEL Expression Injection vulnerability in Spring Data MongoDB. It explains the vulnerability, affected versions, mitigation strategies, and patch analysis without providing exploit code.

This repository contains a functional PoC for CVE-2022-22980, demonstrating SpEL injection in Spring Data MongoDB. The exploit leverages a vulnerable `@Query` annotation to execute arbitrary code via SpEL expressions, as shown in the `findByFirstName` method.

This repository contains a functional Python-based exploit for CVE-2022-22980, a SpEL injection vulnerability in Spring Data. The exploit sends a crafted payload to a vulnerable endpoint, executes arbitrary commands via Runtime.getRuntime().exec(), and exfiltrates the output via HTTP.