Exploit for CVE-2022-26134: Confluence Pre-Auth Remote Code Execution via OGNL Injection

Overview

Another exploit in OGNL Land

Description

Confluence is a web-based corporate wiki developed by Australian software company Atlassian.

On June 02, 2022, Atlassian released a security advisory for its Confluence Server and Data Center applications, highlighting a critical-severity unauthenticated remote code execution vulnerability. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
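A defender-side check for the request pattern this vulnerability produces, as an added example that is not part of the original repository: the injected OGNL expression travels in the request URI, so access logs can be scanned for a `${...}` expression after percent-decoding. The log format, the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined-log style); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jun/2022:10:01:12 +0000] "GET /%24%7B1%2B1%7D/ HTTP/1.1" 302 -',
    '198.51.100.4 - - [03/Jun/2022:10:01:15 +0000] "GET /display/DOC/Home HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Jun/2022:10:02:40 +0000] "GET /%2524%257B2%252B2%257D/ HTTP/1.1" 404 -',
    '198.51.100.4 - - [03/Jun/2022:10:03:00 +0000] "GET /pages/viewpage.action?pageId=1234 HTTP/1.1" 200 880',
]

# Pulls client address, request URI and status out of one log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# An OGNL expression delimiter pair anywhere in the decoded URI.
OGNL_RE = re.compile(r"\$\{.+?\}", re.S)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_ognl_requests(lines):
    """Return (client_ip, status, raw_uri) for requests whose URI holds ${...}."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the assumed format
        if OGNL_RE.search(decode_fully(match.group("uri"))):
            hits.append((match.group("ip"), match.group("status"), match.group("uri")))
    return hits


if __name__ == "__main__":
    for ip, status, uri in find_ognl_requests(SAMPLE_LOG):
        print(f"{ip} status={status} uri={uri}")
```

A hit shows that a request was attempted, not that it succeeded; confirm the instance's patch level and review the host for follow-on activity.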

Setup

To set up your lab, run start_conflunce.sh and follow the instructions given here.

Usage

$ ./confluence-exploit.py                          
usage: confluence-exploit.py [-h] -u URL
confluence-exploit.py: error: the following arguments are required: -u/--url 
$  ./confluence-exploit.py -u http://127.0.0.1:8090
🔗 URL: http://127.0.0.1:8090
👉 (id): whoami
confluence
