Exploit for Unrestricted Upload of File with Dangerous Type in Wso2 Identity Server Analytics CVE-2022-29464

Name: Exploit for Unrestricted Upload of File with Dangerous Type in Wso2 Identity Server Analytics CVE-2022-29464
Rating: 5 (206 reviews)

2022-05-26 | CVSS 10.0

## https://sploitus.com/exploit?id=2DE6F244-D0FD-5849-B625-B05DA3E47855
# WSO2 Carbon Server CVE-2022-29464
Pre-auth RCE bug  CVE-2022-29464.
Write by Chocapikk
lightely modded by trhacknon

## Usage

```bash
python exploit.py -u <wso2_carbon_server> 
```
or:

```bash
python exploit.py -f <file>
```
## Zoomeye Dork
CLI:
```bash

zoomeye search 'title:"WSO2 Management Console"'  -num 10  -filter=ip,port
```
WEB:
```
title:"WSO2 Management Console"
```
## Google dorks
```

inurl:"/carbon/admin/login.jsp"
inurl"/authtenticationdpoit/login.do"
inurl:"/authenticationendpoint/login.do"
inurl:"devportal/apis"
intitle:"API Publisher- Login" 
intitle:"WSO2 Management Console"
```