Exploit for Path Traversal in Wso2 Identity Server Analytics CVE-2022-29464

Name: Exploit for Path Traversal in Wso2 Identity Server Analytics CVE-2022-29464
Rating: 5 (325 reviews)
2022-06-22 | CVSS 10.0
## https://sploitus.com/exploit?id=D6A3D7A1-BA12-5C2E-BFC3-83078CF2F89B
## Meow Meow Meow!<br>

Just a Mass Exploit based on a Python PoC for # WSO2 Carbon Server [CVE-2022-29464](https://vulners.com/cve/CVE-2022-29464)<br>
Pre-auth RCE bug  [CVE-2022-29464](https://vulners.com/cve/CVE-2022-29464).<br>
## Meow Meow Meow? Requirements? <br>
<br>
Python3<br>
Shodan<br>
Zoomeye<br>
A Brain<br>

## What is this tool? <br>

This is a mass-autoscan-exploit of [CVE-2022-29464](https://vulners.com/cve/CVE-2022-29464) based on the PoC wrote in python by a third part.<br>
The Py file is available and readable, see also the bash script that don't contain any encoded string.<br>
Massexploit will upload a shell and a reverse shell and print out the path to access it. Easy, Quick and Cool.<br>
I know that probably the code could be wrote better and saving some lines, but i did it when i was drunk and just to do something.<br>
So?<br>
Just run:<br>

```bash
./mass_exploit.sh
```
This command can setup your shodan and zoomeye tool, API included (if you want to skip the setup of tools or api, just press enter to skip.)<br>
Then it start search for vulnerable hosts based on the dorks (examples are provided in the file examples_dorks.txt).<br>
If you prefer, the manual mode is always available through the command below.<br>
The mass_exploit.sh output will be printed in the shell screen.<br>

![PoC](https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464/blob/12c649eddaed6033a1aec05d27fc93408900a128/poc.png)<br>


```bash
python3 exploit.py -u host:port
```
or easily:

```bash
python3 exploit.py -f <file>
```
################################################################<br>
## Search tools: <br>
## Shodan  <br>
Get your account and an API Key here: https://account.shodan.io/<br>
```bash
sudo apt-get install python-setuptools -y
sudo apt-get install pip -y
pip install shodan
easy_install shodan
```
## Zoomeye <br>
Get an account and your API Key here: https://www.zoomeye.org/
```bash
pip3 install git+https://github.com/knownsec/ZoomEye-python.git
```
## Enjoy it <br>
This tool has been provided just for accademic purposes. I am not responsible for any illegal action made with this code.<br>
Electrolulz - https://github.com/electr0lulz - electrolulz@protonmail.com<br>
Tested on a Ubuntu based O.S.