Share
## https://sploitus.com/exploit?id=E202B1B4-334D-58B7-8078-798D4522D495
# CVE-2022-29464
<img width="406" alt="image" src="https://github.com/Pushkarup/CVE-2022-29464/assets/148672587/07f56f8c-a2e9-463d-b03a-9e3a6fd99b46">

## Introduction
Critical WSO2 vulnerability CVE-2022-29464 was found by Orange Tsai. The flaw is an unauthorised, unconstrained arbitrary file upload that enables unauthorised users to submit malicious JSP files to WSO2 servers and get Remote Code Execution (RCE).

## Disclaimer: Educational Purpose Only

This Exploit and Proof of Concept (PoC) is presented solely for educational and informational purposes. The intent behind sharing this is to demonstrate potential vulnerabilities in a controlled environment. The goal is to promote understanding of cybersecurity concepts and encourage responsible disclosure.

### Important Points:
- **Ethical Use:** This Exploit and PoC should only be used in environments and systems where you have explicit authorization. Unauthorized access to computer systems is illegal and unethical.
- **Responsible Disclosure:** If you discover vulnerabilities as a result of this Exploit and PoC, it is strongly recommended to report them responsibly to the relevant parties, allowing them adequate time to address and mitigate the issues.
- **No Endorsement:** This PoC and related materials do not endorse or encourage any form of unauthorized access, hacking, or any other illegal activities.

By accessing and using this Exploit and PoC, you acknowledge that you are solely responsible for your actions and agree to use this information in compliance with applicable laws and regulations. The author assumes no liability for any misuse or consequences arising from the use of this PoC for any purpose other than education and responsible disclosure.

## Exploit Features
- **Single Scan:** Scanning a single site for Exploit.
- **Mass Scan:** Scanning list of site from a file for Exploit.
- **Threading:** Using Threads for fast processing.
  
## WEBSHELL Features
- **User-friendly UI:** To improve communication between the user and the server, the webshell's user interface has been kept as basic as possible.
- **RCE Webshell:** Complete remote code execution functionality on the shell
- **30 Code Injection Predefined Commands:** A drop-down menu with 30 instructions ranging from basic to advanced has been introduced for easier use and comprehension.ย 
- **Asynchronous requests:** For Making the server work smoothly we employed asynchronous requests.

## WEBSHELL INTERFACE

https://github.com/Pushkarup/CVE-2022-29464/assets/148672587/f122fef2-794d-4fd5-a158-58f6e8e17cff


## Getting Started

### Prerequisites

- Python 3.x
- Required Python packages: `requests`, `colorama` , `urllib3` 

### Installation

1. Clone the repository:

    ```bash
    git clone https://github.com/Pushkarup/CVE-2022-29464.git
    cd CVE-2022-29464
    ```

2. Install the required Python packages:

    ```bash
    pip install -r requirements.txt
    ```

## Usage


1. Create a text file containing the target sites (one per line) and save it with a `.txt` extension.
 - Collect site list for test using dork `"WSO2 Identity Server" site:*` , `"WSO2" OR "Identity Server" site:*`

2. Run the script:

    ```bash
    python wso.py
    ```

3. Let the script run its course and follow the directions.
   
4. Every site that has been exploited will be stored to Results.txt.
   
5. By utilising my webshell that has been posted there, you may access those Backdoors and execute command injection.

## Contributing

Contributions are welcome! If you find any issues or have improvements, feel free to open a pull request or create an issue.

## License

This project is licensed under the [MIT License](LICENSE).


## Contact

- GitHub: [Pushkar Upadhyay](https://github.com/Pushkarup)
- LinkedIn: [Pushkar Upadhyay](www.linkedin.com/in/pushkar-upadhyay-24p)

## Donations
### Show your support
- BTC: 3QqVBBzDBezA9U77PCTwMPQVGb1eecv2SP
- ETH: 0xB779767483831BD98327A449C78FfccE2cc6df0a
- USDT: 0xB779767483831BD98327A449C78FfccE2cc6df0a