CVE-2022-26134


The target Confluence instance appears to be vulnerable to CVE-2022-26134.

A vulnerability classified as very critical has been found in Atlassian Confluence Server and Data Center up to 7.18.0. It affects an unknown functionality of the OGNL Handler component, and manipulating it leads to injection. The vulnerability is tracked as CVE-2022-26134. The attack can be launched remotely, and an exploit is available. Upgrading the affected component is recommended.

Exploit


Exploit found online

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/flu]
└─$ git clone https://github.com/kh4sh3i/CVE-2022-26134 ; cd CVE-2022-26134     
Cloning into 'CVE-2022-26134'...
remote: Enumerating objects: 13, done.
remote: Counting objects: 100% (13/13), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 13 (delta 2), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (13/13), 7.18 KiB | 7.18 MiB/s, done.
Resolving deltas: 100% (2/2), done.

Cloning the exploit repo to Kali