PoC for CVE-2022-22954 - VMware Workspace ONE Access Freemarker Server-Side Template Injection

Overview

A vulnerability classified as very critical was found in VMware Workspace ONE Access and Identity Manager. The affected component is the Template Handler. Reference: https://vuldb.com/?id.196644

Usage:

python3 CVE-2022-22954.py example.com "cat /etc/passwd"

Disclaimer

This Python script is for educational purposes ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that I am not liable for any damages caused by direct or indirect use of the information or functionality provided by these scripts.

Owner
DrDv