POC详情: e700e3695287b2e2fc74d879ecf17637961ec6cc

来源
https://github.com/oppsec/WSOB
关联漏洞
标题: WSO2 API Manager 路径遍历漏洞 (CVE-2022-29464)
描述:WSO2 API Manager是美国WSO2公司的一套API生命周期管理解决方案。 WSO2 API Manager 存在路径遍历漏洞,该漏洞允许无限制的文件上传和远程代码执行。
描述
😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.
介绍
# 😭 WSOB (CVE-2022-29464)

<div align="center">
    <img src="./assets/banner.png">
</div>

<br>

<p align="center">
    <img src="https://img.shields.io/github/license/oppsec/WSOB?color=blue&logo=github&style=for-the-badge">
    <img src="https://img.shields.io/github/issues/oppsec/WSOB?color=blue&logo=github&style=for-the-badge">
    <img src="https://img.shields.io/github/stars/oppsec/WSOB?color=blue&label=STARS&logo=github&style=for-the-badge">
    <img src="https://img.shields.io/github/v/release/oppsec/WSOB?color=blue&logo=github&style=for-the-badge">
    <img src="https://img.shields.io/github/languages/code-size/oppsec/WSOB?color=blue&logo=github&style=for-the-badge">
</p>

___

<br>

**😭 WSOB** is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

<br>

## CVE-2022-29464 details:
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.

Source: https://nvd.nist.gov/vuln/detail/CVE-2022-29464

<br><br>

## ⚡ Installing / Getting started

<p> A quick guide on how to install and use WSOB </p>

```
1. Clone the repository - git clone https://github.com/oppsec/wsob.git
2. Install the libraries - pip3 install -r requirements.txt
3. Run WSOB2 - python3 main.py -u https://example.com
```

<br><br>

## ⚙️ Pre-requisites
- [Python 3](https://www.python.org/downloads/) installed on your machine.
- Install the libraries with `pip3 install -r requirements.txt`

<br><br>

## 🔨 Contributing

A quick guide of how to contribute with the project.

```
1. Create a fork from WSOB repository
2. Download the project with git clone https://github.com/your/wsob.git
3. Make your changes
4. Commit and make a git push
5. Open a pull request
```

<br><br>

## 🙏 Credits
- Credits to hakivvi for the original webshell code

<br><br>

## ⚠️ Warning
- The developer is not responsible for any malicious use of this tool.
文件快照

 [4.0K]  /data/pocs/e700e3695287b2e2fc74d879ecf17637961ec6cc
├── [4.0K]  assets
│   └── [156K]  banner.png
├── [ 294]  CHANGELOG.md
├── [1.0K]  LICENSE
├── [ 331]  main.py
├── [2.4K]  README.md
├── [  30]  requirements.txt
└── [4.0K]  src
    ├── [4.0K]  interface
    │   ├── [ 293]  banner.txt
    │   └── [ 273]  ui.py
    └── [4.0K]  wsob
        ├── [4.0K]  helpers
        │   ├── [ 602]  settings.py
        │   └── [108K]  user-agents.txt
        └── [1.9K]  main.py

5 directories, 11 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。