CVE-2022-22954 PoC — VMware 多款产品代码注入漏洞

Source

https://github.com/DrorDvash/CVE-2022-22954_VMware_PoC

Associated Vulnerability

Title:VMware 多款产品代码注入漏洞 (CVE-2022-22954)
Description:Vmware Workspace One Access是美国Vmware公司的将用户身份与设备和网络信息等因素结合起来，为 Workspace One 交付的应用程序制定智能驱动的条件访问决策。 VMware 多款产品存在代码注入漏洞，该漏洞源于不正确的输入验证。远程攻击者利用该漏洞发送特制的HTTP请求并执行服务器端模板注入。

Description

PoC for CVE-2022-22954 - VMware Workspace ONE Access Freemarker Server-Side Template Injection

Readme

# CVE-2022-22954 PoC - VMware Workspace ONE Access Freemarker Server-Side Template Injection



A vulnerability, which was classified as very critical, was found in Vmware Workspace ONE Access and Identity Manager. Affected component is Template Handler.
Reference: https://vuldb.com/?id.196644

## Usage:
```
python3 CVE-2022-22954.py example.com "cat /etc/passwd"
```

## Example:
![image](https://user-images.githubusercontent.com/8413651/163058430-0e17dc68-dfe3-4700-8ef6-956f11449c97.png)

## Disclaimer
This python script is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that I'm is not liable for any damages caused by direct or indirect use of the information or functionality provided by these scripts.

File Snapshot


 [4.0K]  /data/pocs/daaba6d699e42fe699946a61ba476144e982d840
├── [1.4K]  CVE-2022-22954.py
└── [ 780]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!