CVE-2022-26134 – OGNL injection vulnerability
Script PoC that exploit the remote code execution vulnerability affecting Atlassian Confluence products 7.18.1 and under. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
Affected versions
All supported versions of Confluence Server and Data Center are affected. Confluence Server and Data Center versions after 1.3.0 are affected.
Dependencies:
- Python 3.3+
- The dependencies can be satisfied via pip install -r requirements.txt
How to use:
Clone the repo
git clone https://github.com/Nwqda/CVE-2022-26134
cd CVE-2022-26134
- Run exploit
python3 cve-2022-26134.py https://target.com CMD
python3 cve-2022-26134.py https://target.com id
python3 cve-2022-26134.py https://target.com "ps aux"
PoC
Mitigation
Follow the official instruction from Atlassian: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Note
FOR EDUCATIONAL PURPOSE ONLY.