Exploit for Expression Language Injection in Atlassian Confluence Data Center CVE-2022-26134

Name: Exploit for Expression Language Injection in Atlassian Confluence Data Center CVE-2022-26134
Rating: 5 (272 reviews)

2022-06-07 | CVSS 7.5

## https://sploitus.com/exploit?id=0E5BE237-A243-54B8-9AD7-92FBA10D1FA2
# Exploit for CVE-2022-26134: Confluence Pre-Auth Remote Code Execution via OGNL Injection

 _Another exploit in OGNL Land_

## Description

Confluence is a web-based corporate wiki developed by Australian software company Atlassian.
 
On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
 
## Setup

To setup your lab, run `start_conflunce.sh` and follow the instructions given [here](https://github.com/vulhub/vulhub/tree/master/confluence/CVE-2022-26134).

## Usage

```bash
$ ./confluence-exploit.py                          
usage: confluence-exploit.py [-h] -u URL
confluence-exploit.py: error: the following arguments are required: -u/--url 
```

```bash
$  ./confluence-exploit.py -u http://127.0.0.1:8090
🔗 URL: http://127.0.0.1:8090
👉 (id): whoami
confluence
```

## References

- https://www.rapid7.com/ja/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
- Infosec Twitter