Script PoC that exploit the remote code execution vulnerability affecting Atlassian Confluence products 7.18.1 and under. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
All supported versions of Confluence Server and Data Center are affected. Confluence Server and Data Center versions after 1.3.0 are affected.
- Python 3.3+
- The dependencies can be satisfied via pip install -r requirements.txt
Clone the repo
git clone https://github.com/Nwqda/CVE-2022-26134
cd CVE-2022-26134
- Run exploit
python3 cve-2022-26134.py https://target.com CMD
python3 cve-2022-26134.py https://target.com id
python3 cve-2022-26134.py https://target.com "ps aux"
Follow the official instruction from Atlassian:
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
FOR EDUCATIONAL PURPOSE ONLY.