Apache Spark UI - Privilege Escalation
Exploitation Summary
CVE-2022-33891 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 7, 2023.
EIP tracks 14 public exploits from researchers including HuskyHacks, W01fh4cker and AmoloHT, as well as a Metasploit module, exploits/linux/http/apache_spark_rce_cve_2022_33891.
A Nuclei detection template is also available.
Description
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
Exploits (14)
This repository contains a functional Python PoC for CVE-2022-33891, a command injection vulnerability in Apache Spark. The exploit leverages the `doAs` parameter to execute arbitrary commands via bash interpolation, with support for reverse shells and vulnerability checks.
This repository contains a functional exploit PoC for CVE-2022-33891, which targets Apache Spark. The exploit leverages command injection via the `doAs` parameter to trigger a DNS lookup, confirming vulnerability through dnslog.cn.
The repository contains a functional exploit for CVE-2022-33891, which leverages command injection via the `doAs` parameter in Apache Spark UI when ACLs are enabled. The script sends a crafted HTTP request with a sleep command to test for vulnerability.
This repository contains a functional Python PoC for CVE-2022-33891, a command injection vulnerability in Apache Spark. The exploit leverages the `doAs` parameter to execute arbitrary commands via base64-encoded payloads, including a reverse shell option.
This repository contains a functional exploit for CVE-2022-33891, an RCE vulnerability in Apache Spark UI due to improper handling of ACLs. The exploit uses command injection via the 'doAs' parameter to achieve remote code execution, with options for both reverse and bind shells.
The repository contains no exploit code, only a YouTube video link and social media links. It lacks technical details about the vulnerability or PoC code.
This repository contains a functional exploit for CVE-2022-33891, an Apache Spark vulnerability allowing remote command execution via the 'doAs' parameter. The exploit checks for vulnerability by measuring response time delays and provides an interactive shell for command execution.
This repository provides a detailed technical analysis and infrastructure setup for testing CVE-2022-33891, a command injection vulnerability in Apache Spark 3.1.1. It includes Docker configurations for both patched and unpatched Spark environments to demonstrate the vulnerability and its mitigation.
This repository contains a functional Python-based exploit for CVE-2022-33891, an Apache Spark command injection vulnerability. The PoC leverages improper input validation in the `doAs` parameter to execute arbitrary shell commands, including a reverse shell payload.
This repository contains a functional proof-of-concept for CVE-2022-33891, which exploits a vulnerability in Apache Spark's ACL configuration. It sets up a vulnerable Spark instance (version 3.1.1) with misconfigured ACLs and uses Apache as a reverse proxy to demonstrate the exploit.
This repository provides a detailed guide on patching CVE-2022-33891, a vulnerability in Apache Spark that allows arbitrary shell command execution via ACL authentication. It includes steps to reproduce the vulnerability using an external PoC and apply the official patch.
This repository contains a functional exploit for CVE-2022-33891, an Apache Spark ACL bypass vulnerability leading to remote command execution (RCE). The PoC sends a crafted HTTP request with a `doAs` parameter to execute arbitrary commands via `wget` and `bash`.
The repository contains functional exploit code for CVE-2022-33891, demonstrating a command injection vulnerability in Apache Spark. The exploit leverages the `doAs` parameter in the Spark UI to execute arbitrary shell commands.
This Metasploit module exploits CVE-2022-33891, an unauthenticated command injection vulnerability in Apache Spark. It leverages the `doAs` parameter to execute arbitrary commands via base64-encoded payloads, resulting in remote code execution.
Nuclei Templates (1)
title:"Spark Master at" || http.html:"/apps/imt/html/" || http.title:"spark master at"
body="/apps/imt/html/" || title="spark master at"
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H