Implementation of CVE-2022-26134
This repository contains my implementation of the exploit for CVE-2022-26134. The version implemented here
bypasses the `isSafeExpression` checks in versions such as 7.18.0.
The exploit can be run in two modes:
The first mode allows you to run one command at a time:
python3 cve-2022-26134.py <host> <command>
This would return the output of the command if it succeeds or display an empty line if not
The second mode to run this command is interactive mode:
python3 cve-2022-26134.py <host> -i
This launches a non persistent interactive shell, where you can type commands, which get executed on the
server and then display the results. No state is held between commands.