Share
## https://sploitus.com/exploit?id=4622AE77-40AA-5BEA-9233-54F47C1BB5DE
# nmap-CVE-2022-29464
nmap-CVE-2022-29464 is an NSE script for detecting CVE-2022-29464 vulnerability. Unauthorized and unrestricted arbitrary file transfer vulnerability that allows unauthenticated attackers to obtain RCEs on WSO2 servers by sending malicious JSP files.

## Vulnerability
See good writeup and PoC [here](https://github.com/hakivvi/CVE-2022-29464).

## Usage
```
┌──(kali㉿kali)-[~/nmap-CVE-2022-29464]
└─$ nmap 127.0.0.1 --script=./nmap-CVE-2022-29464.nse
(...)
PORT   STATE SERVICE
80/tcp open  http
| nmap-CVE-2022-29464:
|   VULNERABLE:
|   CVE-2022-29464
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2022-29464
|     Check results:
|       127.0.0.1:8080/authenticationendpoint/shell.jsp
|     References:
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464
```

## Arguments
We can use several variables in the script. These are as follows:
- `path` - relative url. On `https://bugspace.pl/fileupload/toolsAny` it will be `/fileupload/toolsAny`. The default path is `/fileupload/toolsAny`,
- `filename` - file name on the server. The default name is `shell.jsp`.

# Tests
Soon

## License
Same as Nmap. See https://nmap.org/book/man-legal.html