NOMISEC-jimidk/Better-CVE-2022-29464

NOMISEC WORKING POC

Exploit for CVE-2022-29464 - WSO2 Arbitrary File Upload to RCE

AI Analysis

This repository contains a Python-based exploit for CVE-2022-29464, which leverages an unrestricted file upload vulnerability in WSO2 products to achieve remote code execution. The exploit uploads a JSP shell to a traversed directory under the web root, allowing command execution with superuser privileges.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type poc

Files 3

https://github.com/jimidk/Better-CVE-2022-29464

Stars 4

Forks 2

Last Push Jun 04, 2022

Authors

jimidk

Vulnerability

CVE-2022-29464

WSO2 Arbitrary File Upload to RCE

CRITICAL KEV

CVSS 9.8