CVE-2022-29464 PoC — WSO2 API Manager 路径遍历漏洞

Source

https://github.com/lowkey0808/cve-2022-29464

Associated Vulnerability

Title:WSO2 API Manager 路径遍历漏洞 (CVE-2022-29464)
Description:Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.

Readme

# cve-2022-29464

# 免责声明
```
脚本仅供学习参考，请勿恶意攻击他人网站
如违法乱纪，造成一切后果由使用者自行承担
技术无罪，与作者无关


使用脚本默认同意以上说明！
                    --Author:lowkey0808
```
# 使用方法
```
usage: python3 -u url

cve-2022-29464

optional arguments:
  -h, --help  show this help message and exit
  -u          目标url
  -s          上传的木马,默认上传内置shell.jsp
```


可直接命令执行

![图片](https://user-images.githubusercontent.com/49674960/165228843-ff1ccc81-2b7d-4a5d-a2ee-c3d807abe1f4.png)


可上传webshell

![图片](https://user-images.githubusercontent.com/49674960/165228989-8f6d8de2-7ef1-4310-b25d-9ce3aa5b1252.png)

![图片](https://user-images.githubusercontent.com/49674960/165229080-0fff4532-e8a9-4d2e-9b58-046ba1f363f6.png)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →