来源

关联漏洞

描述

Atlassian Confluence- Unauthenticated OGNL injection vulnerability (RCE) 

介绍

# Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) in Ruby 


Confluence is a web-based corporate wiki developed by Australian software company Atlassian.

On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.

References:

- <https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html>
- <https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis>
- <https://github.com/vulhub/vulhub/tree/master/confluence/CVE-2022-26134>

## Vulnerable Environment

Execute following command to start a Confluence Server 7.13.6:

```
docker-compose up -d
```

After the environment starts, visit ``http://your-ip:8090`` and you will see the installation guide, select "Trial installation", then you will be asked to fill in the license key. You should apply for a Confluence Server test certificate from Atlassian.

Following [this guide](https://github.com/vulhub/vulhub/tree/master/confluence/CVE-2019-3396) to complete the installation.

On the database configuration page, fill in the form with database address `db`, database name `confluence`, username `postgres`, password `postgres`.


## Exploit 

Note: Exploit is still under development , any pull request ideas are welcomed 

![Habib0x](https://user-images.githubusercontent.com/24976957/172489563-3d3611b3-7d86-4d01-bd6b-e4c4fd90d744.png)



https://user-images.githubusercontent.com/24976957/172490114-2b81b6f1-9c4d-4542-9d8d-e4d7b4a82d9d.mov

文件快照

 [4.0K]  /data/pocs/35a6816e092b3ac3f5a70f9f5eebefe1ce443e23
├── [2.5K]  CVE-2022-26134.rb
├── [ 242]  docker-compose.yml
└── [1.7K]  README.md

0 directories, 3 files

备注