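I. Basic information for vulnerability CVE-2022-26134
Vulnerability title
N/A
Source: AIGC Shenlong large model
Vulnerability description
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Source: AIGC Shenlong large model
CVSS information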
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
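Source: AIGC Shenlong large model
Vulnerability category
N/A
Source: AIGC Shenlong large model
Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description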
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
N/A
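Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Atlassian Confluence Server injection vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Atlassian Confluence Server is the server edition of collaboration software from the Australian company Atlassian that provides enterprise knowledge management and supports building enterprise wikis. Atlassian Confluence Server and Data Center contain an injection vulnerability. An attacker can exploit it to execute arbitrary code. The following products and versions are affected: from 1.3.0 to before 7.4.17, from 7.13.0 to before 7.13.7, from 7.14.0 to before 7.14.3, from 7.15.0 to before 7.15.2, from 7.16.0 to before 7.16.4
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information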
N/A
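Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Injection
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public PoCs for vulnerability CVE-2022-26134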
# POC description Source link Shenlong link
1 [Lazy person's tool] A GUI tool that batch-collects URLs and batch-runs various n-day checks against the collected URLs. Can be used for SRC hunting, CNVD hunting, 0-day exploitation, building your own arsenal, and similar scenarios. Can batch-exploit Actively Exploited Atlassian Confluence 0Day CVE-2022-26134 and DedeCMS v5.7.87 SQL injection CVE-2022-23337. https://github.com/W01fh4cker/Serein POC details
2 Information and scripts for the confluence CVE-2022-26134 https://github.com/offlinehoster/CVE-2022-26134 POC details
3 0-DAY: Unauthenticated Remote Code Execution in Atlassian Confluence (CVE-2022-26134). https://github.com/CyberDonkyx0/CVE-2022-26134 POC details
4 This repository contains Yara rule and the method that a security investigator may want to use for CVE-2022-26134 threat hunting on their Linux confluence servers. https://github.com/th3b3ginn3r/CVE-2022-26134-Exploit-Detection POC details
5 CVE-2022-26134 Proof of Concept https://github.com/jbaines-r7/through_the_wire POC details
6 CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL injection https://github.com/crowsec-edtech/CVE-2022-26134 POC details
7 None https://github.com/kyxiaxiang/CVE-2022-26134 POC details
8 (CVE-2022-26134)an unauthenticated and remote OGNL injection vulnerability resulting in code execution in the context of the Confluence server https://github.com/Brucetg/CVE-2022-26134 POC details
9 Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability PoC https://github.com/shamo0/CVE-2022-26134 POC details
10 [CVE-2022-26134]Confluence OGNL expression injected RCE with sandbox bypass. https://github.com/SNCKER/CVE-2022-26134 POC details
11 None https://github.com/Sakura-nee/CVE-2022-26134 POC details
12 None https://github.com/Vulnmachines/Confluence-CVE-2022-26134 POC details
13 Atlassian confluence poc https://github.com/axingde/CVE-2022-26134 POC details
14 CVE-2022-26134 https://github.com/1rm/Confluence-CVE-2022-26134 POC details
15 None https://github.com/0xAgun/CVE-2022-26134 POC details
16 None https://github.com/abhishekmorla/CVE-2022-26134 POC details
17 Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) https://github.com/h3v0x/CVE-2022-26134 POC details
18 This repository talks about Zero-Day Exploitation of Atlassian Confluence, its defense and analysis point of view from a SecOps or Blue Team perspective https://github.com/archanchoudhury/Confluence-CVE-2022-26134 POC details
19 Simple Honeypot for Atlassian Confluence (CVE-2022-26134) https://github.com/SIFalcon/confluencePot POC details
20 None https://github.com/PsykoDev/CVE-2022-26134 POC details
21 None https://github.com/vesperp/CVE-2022-26134-Confluence POC details
22 Atlassian Confluence remote code execution vulnerability (CVE-2022-26134) https://github.com/li8u99/CVE-2022-26134 POC details
23 Implementation of CVE-2022-26134 https://github.com/reubensammut/cve-2022-26134 POC details
24 None https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL POC details
25 CVE-2022-26134 Confluence OGNL Injection POC https://github.com/alcaparra/CVE-2022-26134 POC details
26 Exploit for CVE-2022-26134: Confluence Pre-Auth Remote Code Execution via OGNL Injection https://github.com/whokilleddb/CVE-2022-26134-Confluence-RCE POC details
27 Atlassian Confluence- Unauthenticated OGNL injection vulnerability (RCE) https://github.com/Habib0x0/CVE-2022-26134 POC details
28 None https://github.com/Y000o/Confluence-CVE-2022-26134 POC details
29 Atlassian confluence unauthenticated OGNL injection remote code execution scanner (CVE-2022-26134). https://github.com/redhuntlabs/ConfluentPwn POC details
30 CVE-2022-26134 https://github.com/cai-niao98/CVE-2022-26134 POC details
31 CVE-2022-26134, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. This is CVE-2022-26134 exploitation script https://github.com/sunny-kathuria/exploit_CVE-2022-26134 POC details
32 [CVE-2022-26134] Atlassian Confluence RCE https://github.com/KeepWannabe/BotCon POC details
33 CVE-2022-26134 - Pre-Auth Remote Code Execution via OGNL Injection https://github.com/Chocapikk/CVE-2022-26134 POC details
34 「💥」CVE-2022-26134 - Confluence Pre-Auth RCE https://github.com/AmoloHT/CVE-2022-26134 POC details
35 [PoC] Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE) https://github.com/kh4sh3i/CVE-2022-26134 POC details
36 Atlassian Confluence OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134) https://github.com/ColdFusionX/CVE-2022-26134 POC details
37 PoC for exploiting CVE-2022-26134 on Confluence https://github.com/Luchoane/CVE-2022-26134_conFLU POC details
38 Atlassian, CVE-2022-26134 An interactive lab showcasing the Confluence Server and Data Center un-authenticated RCE vulnerability. https://github.com/r1skkam/TryHackMe-Atlassian-CVE-2022-26134 POC details
39 Atlassian Confluence (CVE-2022-26134) - Unauthenticated Remote code execution (RCE) https://github.com/nxtexploit/CVE-2022-26134 POC details
40 Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE). https://github.com/Debajyoti0-0/CVE-2022-26134 POC details
41 None https://github.com/f4yd4-s3c/cve-2022-26134 POC details
42 confluence rce https://github.com/coskper-papa/CVE-2022-26134 POC details
43 This is a python script that can be used with Shodan CLI to mass hunting Confluence Servers vulnerable to CVE-2022-26134 https://github.com/p4b3l1t0/confusploit POC details
44 CVE-2022-26134-PoC https://github.com/twoning/CVE-2022-26134-PoC POC details
45 Just simple PoC for the Atlassian Jira exploit. Provides code execution for unauthorised user on a server. https://github.com/iveresk/cve-2022-26134 POC details
46 A remote, unauthenticated attacker can construct and inject an OGNL expression to execute arbitrary code on Confluence Server or Data Center; the PoC was modified from an existing script to make getting a shell easier. https://github.com/keven1z/CVE-2022-26134 POC details
47 CVE-2022-26134-Console https://github.com/shiftsansan/CVE-2022-26134-Console POC details
48 CVE-2022-26134 web payload https://github.com/1337in/CVE-2022-26134web POC details
49 Detecting CVE-2022-26134 using Nuclei https://github.com/skhalsa-sigsci/CVE-2022-26134-LAB POC details
50 None https://github.com/yigexioabai/CVE-2022-26134-cve1 POC details
51 In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center server. https://github.com/kailing0220/CVE-2022-26134 POC details
52 Batch detection of the CVE-2022-26134 RCE vulnerability https://github.com/xanszZZ/ATLASSIAN-Confluence_rce POC details
53 Confluence Server and Data Center contain a remote code execution vulnerability; an unauthenticated attacker can exploit it to inject a malicious OGNL expression into the target server and then execute arbitrary code on it. https://github.com/kelemaoya/CVE-2022-26134 POC details
54 cve-2022-26134 https://github.com/CJ-0107/cve-2022-26134 POC details
55 CVE-2022-26134 https://github.com/latings/CVE-2022-26134 POC details
56 CVE-2022-26134poc https://github.com/yyqxi/CVE-2022-26134 POC details
57 None https://github.com/b4dboy17/CVE-2022-26134 POC details
58 CVE-2022-26134 GO POC practice https://github.com/wjlin0/CVE-2022-26134 POC details
59 None https://github.com/cbk914/CVE-2022-26134_check POC details
60 None https://github.com/MaskCyberSecurityTeam/CVE-2022-26134_Behinder_MemShell POC details
61 Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) https://github.com/Muhammad-Ali007/Atlassian_CVE-2022-26134 POC details
62 A PoC for CVE-2022-26134 for Educational Purposes and Security Research https://github.com/acfirthh/CVE-2022-26134 POC details
63 None https://github.com/yTxZx/CVE-2022-26134 POC details
64 Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) https://github.com/hev0x/CVE-2022-26134 POC details
65 None https://github.com/DARKSTUFF-LAB/-CVE-2022-26134 POC details
66 None https://github.com/CatAnnaDev/CVE-2022-26134 POC details
67 None https://github.com/404fu/CVE-2022-26134-POC POC details
68 confluence rce (CVE-2021-26084, CVE-2022-26134, CVE-2023-22527) https://github.com/BBD-YZZ/Confluence-RCE POC details
69 CVE-2022-26134 exploit script https://github.com/cc3305/CVE-2022-26134 POC details
70 This repository contains Yara rule and the method that a security investigator may want to use for CVE-2022-26134 threat hunting on their Linux confluence servers. https://github.com/ma1am/CVE-2022-26134-Exploit-Detection POC details
71 None https://github.com/xsxtw/CVE-2022-26134 POC details
72 None https://github.com/Agentgilspy/CVE-2022-26134 POC details
73 None https://github.com/XiaomingX/CVE-2022-26134-poc POC details
74 None https://github.com/XiaomingX/cve-2022-26134-poc POC details
75 Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26134 https://github.com/Khalidhaimur/CVE-2022-26134 POC details
76 cve-2022-26134 atlassia Confluence Data Center2016 server OGNL %[...} https://github.com/mr-won/cve-2022-26134 POC details
77 Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-26134.yaml POC details
78 None https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian%20Confluence%20OGNL%E8%A1%A8%E8%BE%BE%E5%BC%8F%E6%B3%A8%E5%85%A5%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-26134.md POC details
79 https://github.com/vulhub/vulhub/blob/master/confluence/CVE-2022-26134/README.md POC details
80 cve-2022-26134 atlassia Confluence Data Center2016 server OGNL %[...} https://github.com/user20252228/cve-2022-26134 POC details
III. Intelligence on vulnerability CVE-2022-26134