关联漏洞
描述
Spring Cloud Gateway Actuator API 远程命令执行 CVE-2022-22947
介绍
# Spring Cloud Gateway RCE Env CVE-2022-22947
> CVE-2022-22947 was identified in the Spring Cloud Gateway Server jar.
> After the application is compiled you should be able to view the existing routes by visiting: http://127.0.0.1:9000/actuator/gateway/routes
### Compile
```
$ mvn package -DskipTests
```
### Run
```
$ java -jar target/spring-gateway-rce-0.0.1.jar
```
The application should run be running on port 9000.
文件快照
[4.0K] /data/pocs/01b771fa159e30a99c602b46960949f36aa88898
├── [9.8K] mvnw
├── [6.5K] mvnw.cmd
├── [3.0K] pom.xml
├── [ 430] README.md
└── [4.0K] src
├── [4.0K] main
│ ├── [4.0K] java
│ │ └── [4.0K] pl
│ │ └── [4.0K] wya
│ │ └── [4.0K] springgatewaydemo
│ │ └── [1.1K] SpringGatewayDemoApplication.java
│ └── [4.0K] resources
│ └── [ 145] application.properties
└── [4.0K] test
└── [4.0K] java
└── [4.0K] pl
└── [4.0K] wya
└── [4.0K] springgatewaydemo
└── [ 227] SpringGatewayDemoApplicationTests.java
12 directories, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。