## https://sploitus.com/exploit?id=4622AE77-40AA-5BEA-9233-54F47C1BB5DE
# nmap-CVE-2022-29464
nmap-CVE-2022-29464 is an NSE script for detecting CVE-2022-29464 vulnerability. Unauthorized and unrestricted arbitrary file transfer vulnerability that allows unauthenticated attackers to obtain RCEs on WSO2 servers by sending malicious JSP files.
## Vulnerability
See good writeup and PoC [here](https://github.com/hakivvi/CVE-2022-29464).
## Usage
```
┌──(kali㉿kali)-[~/nmap-CVE-2022-29464]
└─$ nmap 127.0.0.1 --script=./nmap-CVE-2022-29464.nse
(...)
PORT STATE SERVICE
80/tcp open http
| nmap-CVE-2022-29464:
| VULNERABLE:
| CVE-2022-29464
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2022-29464
| Check results:
| 127.0.0.1:8080/authenticationendpoint/shell.jsp
| References:
|_ https://vulners.com/cve/CVE-2022-29464
```
## Arguments
We can use several variables in the script. These are as follows:
- `path` - relative url. On `https://bugspace.pl/fileupload/toolsAny` it will be `/fileupload/toolsAny`. The default path is `/fileupload/toolsAny`,
- `filename` - file name on the server. The default name is `shell.jsp`.
# Tests
Soon
## License
Same as Nmap. See https://nmap.org/book/man-legal.html