CVE-2022-26134 – OGNL injection vulnerability

Script PoC that exploit the remote code execution vulnerability affecting Atlassian Confluence products 7.18.1 and under. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.

Affected versions

All supported versions of Confluence Server and Data Center are affected. Confluence Server and Data Center versions after 1.3.0 are affected.

Dependencies:

  • Python 3.3+
  • The dependencies can be satisfied via pip install -r requirements.txt

How to use:

Clone the repo

git clone https://github.com/Nwqda/CVE-2022-26134
cd CVE-2022-26134
  • Run exploit

python3 cve-2022-26134.py https://target.com CMD
python3 cve-2022-26134.py https://target.com id
python3 cve-2022-26134.py https://target.com "ps aux"

PoC

Script PoC CVE-2022-26134

Video PoC CVE-2022-26134 OGNL injection Atlassian Confluence

Mitigation

Follow the official instruction from Atlassian: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

Note

FOR EDUCATIONAL PURPOSE ONLY.

GitHub

View Github