CVE-2022-29464 PoC — WSO2 API Manager 路径遍历漏洞

Source

https://github.com/axin2019/CVE-2022-29464

Associated Vulnerability

Title:WSO2 API Manager 路径遍历漏洞 (CVE-2022-29464)
Description:WSO2 API Manager是美国WSO2公司的一套API生命周期管理解决方案。 WSO2 API Manager 存在路径遍历漏洞，该漏洞允许无限制的文件上传和远程代码执行。

Description

Readme

# CVE-2022-29464
WSO2 是一个领先的各种 SOA 解决方案，包含了 SOA 相关的基础设施、技术框架和相关工具、流程服务器、应用服务器等。
影响范围

2.2.0 ≤ WSO2 API 管理器 ≤ 4.0.0

5.2.0 ≤ WSO2 Identity Server ≤ 5.11.0

WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, 5.6.0

5.3.0 ≤ WSO2 Identity Server as Key Manager ≤ 5.10.0

6.2.0 ≤ WSO2 Enterprise Integrator ≤ 6.6.0

修复建议

目前官方已发布最新版本，下载链接：https://wso2.com/

参考链接

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738

File Snapshot


 [4.0K]  /data/pocs/78714ab00312e019103819f3ebb0c4e95d4953ce
├── [ 606]  README.md
└── [6.8K]  Wso2-CVE-2022-29464_2.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!