【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。
vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞,发现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模式,可以持续利用漏洞
【Lazy Artifact】A graphical tool that collects urls in batches, and performs various nday detections on the collected urls in batches. It can be used for src mining, cnvd mining, 0day exploitation, bui...
[CVE-2022-26134]Confluence OGNL expression injected RCE with sandbox bypass.
Atlassian Confluence (CVE-2022-26134) - Unauthenticated Remote code execution (RCE)
Simple Honeypot for Atlassian Confluence (CVE-2022-26134)
「💥」CVE-2022-26134 - Confluence Pre-Auth RCE
远程攻击者在Confluence未经身份验证的情况下,可构造OGNL表达式进行注入,实现在Confluence Server或Data Center上执行任意代码,在现有脚本上修改了poc,方便getshell。
[PoC] Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE)
Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE).
Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability PoC
[CVE-2022-26134] Confluence Pre-Auth Object-Graph Navigation Language (OGNL) Injection
CVE-2022-26134 - Confluence Pre-Auth Remote Code Execution [RCE]
This repository contains Yara rule and the method that a security investigator may want to use for CVE-2022-26134 threat hunting on their Linux confluence servers.
Atlassian's Confluence Server and Data Center editions (Vulnerable Version > 7.18.1)