CVE-2022-22954 PoC: Code injection vulnerability in multiple VMware products

Source
Associated Vulnerability
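Title: Code injection vulnerability in multiple VMware products (CVE-2022-22954)
Description: VMware Workspace ONE Access is a product from the US company VMware that combines user identity with factors such as device and network information to make intelligence-driven conditional access decisions for applications delivered by Workspace ONE. Multiple VMware products contain a code injection vulnerability that stems from improper input validation. A remote attacker can exploit it by sending a specially crafted HTTP request to perform server-side template injection.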
Readme
## CVE-2022-22954 PoC
VMware Workspace ONE Access and Identity Manager RCE via SSTI. 

CVE-2022-22954 - PoC SSTI

Usage:

```text
CVE-2022-22954.py [-h] -m SET_MODE [-i IP] [-c CMD]
optional arguments:
  -h, --help            show this help message and exit
  -m SET_MODE, --mode SET_MODE
                        Available modes: shodan | file | manual
  -i IP, --ip IP        Host IP
  -c CMD, --cmd CMD     Command string
```

### Modes
- shodan: Retrieves IP list based on "http.favicon.hash:-1250474341" query
- file: Put your IP list in ips.txt
- manual: Pass IP and CMD arguments to -m manual mode

### Disclaimer
This is just a PoC. Use it at your own risk and not in production nor real environments. Don't ask me why the code is like this or if it's good or bad, I don't care. I'm not a cool programmer and my code is ugly.

File Snapshot

```text
[4.0K] /data/pocs/cffac9c737b6343d6c6c151ebfb1d93cb07e0982
├── [ 869] cmd.jsp
├── [4.3K] CVE-2022-22954.py
├── [  32] ips.txt
├── [ 34K] LICENSE
├── [ 858] README.md
├── [1.5K] rev.jsp
├── [1.5K] trkmet.jsp
└── [1.5K] trkrev.jsp

0 directories, 8 files
```