CVE-2022-26134 PoC — Atlassian Confluence Server 注入漏洞

Source

https://github.com/sunny-kathuria/exploit_CVE-2022-26134

Associated Vulnerability

Title:Atlassian Confluence Server 注入漏洞 (CVE-2022-26134)
Description:In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Description

CVE-2022-26134, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. This is CVE-2022-26134 expoitation script

Readme

# exploit_CVE-2022-26134
CVE-2022-26134, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. 

This script can find vulnerable server for CVE-2022-26134 from Shodan Search Engine.
Just need to enter organisation as following. It will mak e query to shodan and will get all vulnerable servers.


Usage:
python main.py "organisation name"
  
  
Prerequites:
  1) Enter your Shodan key in code as:
    YOUR_API_KEY_HERE=' '
  
  2) pip install -r requirements.txt

File Snapshot


 [4.0K]  /data/pocs/a856fab4589563ebc3bffebb6a28d6385f7aaf8b
├── [3.3K]  main.py
├── [ 570]  README.md
└── [  16]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!