CVE-2022-26134 PoC — Atlassian Confluence Server 注入漏洞

Source

https://github.com/Brucetg/CVE-2022-26134

Associated Vulnerability

Title:Atlassian Confluence Server 注入漏洞 (CVE-2022-26134)
Description:In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Description

（CVE-2022-26134）an unauthenticated and remote OGNL injection vulnerability resulting in code execution in the context of the Confluence server

Readme

# CVE-2022-26134
（CVE-2022-26134）an unauthenticated and remote OGNL injection vulnerability resulting in code execution in the context of the Confluence server



Require：Python2 or Python3

Usage:

```
python cve_2022_26134.py -url target_url -cmd "ls -al"
python cve_2022_26134.py -url target_url -cmd "whoami"
```



![](1.png)

if target is windows system, please use the script as follows, for example:

```
python3 cve_2022_26134.py -url target_url -cmd "cmd /c tasklist"
```

![](https://user-images.githubusercontent.com/30258075/172058512-32221924-4ee9-450d-9139-19ebd8e1b396.png)

File Snapshot


 [4.0K]  /data/pocs/8aa29e6d8ef962be5c4c173de02579c31d9904d8
├── [478K]  1.png
├── [1.6K]  cve_2022_26134.py
└── [ 621]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!