## CVE-2022-22954 PoC
VMware Workspace ONE Access and Identity Manager RCE via SSTI.
CVE-2022-22954 - PoC SSTI
Usage:
```bash
CVE-2022-22954.py [-h] -m SET_MODE [-i IP] [-c CMD]
optional arguments:
-h, --help show this help message and exit
-m SET_MODE, --mode SET_MODE
Available modes: shodan | file | manual
-i IP, --ip IP Host IP
-c CMD, --cmd CMD Command string
```
### Modes
- shodan: Retrieves IP list based on "http.favicon.hash:-1250474341" query
- file: Put your IP list in ips.txt
- manual: Pass IP and CMD arguments to -m manual mode
### Disclaimer
This is just a PoC. Use it at wour own risk and not in production nor real environments. Don't ask me why the code is like this or if it's good or bad, I don't care. I'm not a cool programmer and my code is ugly.
### Zoomeye CLI Dork:
```bash
zoomeye search 'iconhash:-1250474341' -num 780 -filter=ip,port
zoomeye search 'banner:/SAAS/auth/login' -num 900 -filter=ip,port
```
### Shodan CLI Dork:
```bash
shodan search "http.favicon.hash:-1250474341" --fields=ip_str,port --separator ":" --limit 1000 | grep ''
shodan search 'title:"Workspace ONE Access"' --fields=ip_str,port --separator ":" --limit 1000 | grep ''
```
[4.0K] /data/pocs/2e4bb6a36922af07c3bf4739f32caad9e3d5bd11
├── [ 184] advise.txt
├── [4.3K] CVE-2022-22954.py
├── [ 8] ips.txt
├── [1.2K] README.md
├── [1.5K] shell.jsp
├── [ 217] shodan-dork.txt
└── [ 135] zoomeye-dork.txt
0 directories, 7 files