CVE-2022-26134

[trickest-workflows]

CVE-2022-26134

Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

POC

Reference

• http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html
• http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html

Github

• https://github.com/murataydemir/CVE-2022-26134
• https://github.com/hab1b0x/CVE-2022-26134
• https://github.com/0x14dli/cve2022-26134exp
• https://github.com/0xAgun/CVE-2022-26134
• https://github.com/0xsyr0/OSCP
• https://github.com/1derian/pocsuite3_pro
• https://github.com/1rm/Confluence-CVE-2022-26134
• https://github.com/2212970396/CVE_2022_26134
• https://github.com/404tk/lazyscan
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/AmoloHT/CVE-2022-26134
• https://github.com/Awrrays/FrameVul
• https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
• https://github.com/Brucetg/CVE-2022-26134
• https://github.com/CLincat/vulcat
• https://github.com/Chocapikk/CVE-2022-26134
• https://github.com/ColdFusionX/CVE-2022-26134
• https://github.com/CyberDonkyx0/CVE-2022-26134
• https://github.com/DataDog/security-labs-pocs
• https://github.com/Debajyoti0-0/CVE-2022-26134
• https://github.com/Goqi/Banli
• https://github.com/KeepWannabe/BotCon
• https://github.com/Luchoane/CVE-2022-26134_conFLU
• https://github.com/Mr-xn/Penetration_Testing_POC
• https://github.com/Nwqda/CVE-2022-26134
• https://github.com/Panopticon-Project/panopticon-AdoptElf
• https://github.com/Panopticon-Project/panopticon-DFM
• https://github.com/Panopticon-Project/panopticon-DefineElf
• https://github.com/Panopticon-Project/panopticon-ScenarioElf
• https://github.com/PsykoDev/CVE-2022-26134
• https://github.com/PyterSmithDarkGhost/0DAYEXPLOITAtlassianConfluenceCVE-2022-26134
• https://github.com/SIFalcon/confluencePot
• https://github.com/SNCKER/CVE-2022-26134
• https://github.com/Sakura-nee/CVE-2022-26134
• https://github.com/Threekiii/Vulhub-Reproduce
• https://github.com/Vulnmachines/Confluence-CVE-2022-26134
• https://github.com/W01fh4cker/Serein
• https://github.com/Y000o/Confluence-CVE-2022-26134
• https://github.com/ZWDeJun/ZWDeJun
• https://github.com/Zhao-sai-sai/Full-Scanner
• https://github.com/abhishekmorla/CVE-2022-26134
• https://github.com/alcaparra/CVE-2022-26134
• https://github.com/archanchoudhury/Confluence-CVE-2022-26134
• https://github.com/axingde/CVE-2022-26134
• https://github.com/cai-niao98/CVE-2022-26134
• https://github.com/chaosec2021/EXP-POC
• https://github.com/come2darkside/Picus-Journey
• https://github.com/coskper-papa/CVE-2022-26134
• https://github.com/crowsec-edtech/CVE-2022-26134
• https://github.com/d-rn/vulBox
• https://github.com/dravenww/curated-article
• https://github.com/f4yd4-s3c/cve-2022-26134
• https://github.com/getastra/hypejab
• https://github.com/guchangan1/All-Defense-Tool
• https://github.com/h3v0x/CVE-2022-26134
• https://github.com/hab1b0x/CVE-2022-26134
• https://github.com/hktalent/TOP
• https://github.com/hou5/CVE-2022-26134
• https://github.com/incogbyte/CVE_2022_26134-detect
• https://github.com/iveresk/cve-2022-26134
• https://github.com/jbaines-r7/through_the_wire
• https://github.com/kh4sh3i/CVE-2022-26134
• https://github.com/kyxiaxiang/CVE-2022-26134
• https://github.com/langu-xyz/JavaVulnMap
• https://github.com/li8u99/CVE-2022-26134
• https://github.com/murataydemir/CVE-2022-26134
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/nxtexploit/CVE-2022-26134
• https://github.com/offlinehoster/CVE-2022-26134
• https://github.com/openx-org/BLEN
• https://github.com/p1ay8y3ar/cve_monitor
• https://github.com/p4b3l1t0/confusploit
• https://github.com/pipiscrew/timeline
• https://github.com/r1skkam/TryHackMe-Atlassian-CVE-2022-26134
• https://github.com/redhuntlabs/ConfluentPwn
• https://github.com/reubensammut/cve-2022-26134
• https://github.com/shamo0/CVE-2022-26134
• https://github.com/sunny-kathuria/exploit_CVE-2022-26134
• https://github.com/superfish9/pt
• https://github.com/tgravvold/bigip-irule-samples
• https://github.com/th3b3ginn3r/CVE-2022-26134-Exploit-Detection
• https://github.com/trhacknon/CVE-2022-26134
• https://github.com/trhacknon/CVE-2022-26134-bis
• https://github.com/truonghuuphuc/OWASP-ZAP-Scripts
• https://github.com/twoning/CVE-2022-26134-PoC
• https://github.com/vesperp/CVE-2022-26134-Confluence
• https://github.com/weeka10/Tools
• https://github.com/whokilleddb/CVE-2022-26134-Confluence-RCE
• https://github.com/zhibx/fscan-Intranet