exploitdb
WORKING POC
by Fellipe Oliveira · pythonwebappsjava
https://www.exploit-db.com/exploits/50952
This exploit leverages an OGNL injection vulnerability in Confluence Data Center to achieve remote code execution. It sends a crafted HTTP request with a malicious payload to execute arbitrary commands on the target system.
Classification
Working Poc 95%
Target:
Atlassian Confluence Data Center versions < 7.4.17 and < 7.18.1
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence Data Center
nomisec
WORKING POC
1,236 stars
by W01fh4cker · remote
https://github.com/W01fh4cker/Serein
This repository contains a collection of exploit PoCs for various CVEs, including CVE-2022-26134. The main script, Serein.py, is a multi-nday batch exploitation tool that integrates multiple exploit modules for vulnerabilities like RCE, SQL injection, and unauthorized access.
Classification
Working Poc 90%
Target:
Atlassian Confluence (CVE-2022-26134)
No auth needed
Prerequisites:
Python 3.7-3.9 · Target system running vulnerable software · Network access to the target
nomisec
WORKING POC
342 stars
by BeichenDream · remote
https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
This repository contains a working exploit for CVE-2022-26134, which targets a vulnerability in Apache Struts2. The exploit injects a Godzilla memory shell into the target system using a JavaScript payload and Java reflection techniques.
Classification
Working Poc 95%
Target:
Apache Struts2
No auth needed
Prerequisites:
Target system running vulnerable Apache Struts2 · Network access to the target system
nomisec
WORKING POC
169 stars
by jbaines-r7 · remote
https://github.com/jbaines-r7/through_the_wire
This is a functional proof-of-concept exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. It includes two exploit methods: a reverse shell and a file reader, both tested against vulnerable versions.
Classification
Working Poc 100%
Target:
Atlassian Confluence Server and Data Center <= 7.13.6 LTS and <= 7.18.0
No auth needed
Prerequisites:
Network access to the target Confluence instance · Python environment with required libraries
nomisec
WORKING POC
43 stars
by hev0x · remote
https://github.com/hev0x/CVE-2022-26134
This repository contains a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. The exploit allows unauthenticated remote code execution by injecting a malicious OGNL expression into the target URL.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center < 7.4.17, < 7.18.1
No auth needed
Prerequisites:
Network access to the target Confluence instance · Python 3 environment
nomisec
WORKING POC
32 stars
by crowsec-edtech · remote
https://github.com/crowsec-edtech/CVE-2022-26134
This is a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence allowing unauthenticated remote code execution. The exploit sends a crafted HTTP request with an OGNL payload to execute arbitrary commands on the target system.
Classification
Working Poc 95%
Target:
Atlassian Confluence (affected versions include those before the fix for CVE-2022-26134)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Target must be running a vulnerable version of Confluence
nomisec
WORKING POC
28 stars
by SNCKER · poc
https://github.com/SNCKER/CVE-2022-26134
This is a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. It includes both a proof-of-concept check and an interactive shell for remote command execution via Nashorn JavaScript engine.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to vulnerable Confluence instance · OGNL injection endpoint exposed
nomisec
WORKING POC
27 stars
by nxtexploit · remote
https://github.com/nxtexploit/CVE-2022-26134
This is a functional exploit for CVE-2022-26134, an unauthenticated remote code execution vulnerability in Confluence Server and Data Center. It leverages OGNL injection to execute arbitrary commands and retrieves the output via HTTP headers.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions after 1.3.0, before 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Confluence Server/Data Center · Network access to the target's HTTP/HTTPS service
nomisec
WORKING POC
20 stars
by SIFalcon · poc
https://github.com/SIFalcon/confluencePot
This is a honeypot implementation for CVE-2022-26134, an unauthenticated remote OGNL injection vulnerability in Atlassian Confluence. It logs exploitation attempts and returns mock responses without allowing actual command execution.
Classification
Working Poc 100%
Target:
Atlassian Confluence (unpatched versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to a vulnerable Confluence instance
nomisec
WORKING POC
14 stars
by AmoloHT · remote
https://github.com/AmoloHT/CVE-2022-26134
This repository contains a Python script that exploits CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. The exploit sends a crafted payload to execute arbitrary commands on vulnerable instances and checks for the presence of an 'X-Response' header to confirm exploitation.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions 1.3.0 before 7.4.17, 7.13.0 before 7.13.7, 7.14.0 before 7.14.3, 7.15.0 before 7.15.2, 7.16.0 before 7.16.4, 7.17.0 before 7.17.4, and 7.18.0 before 7.18.1)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Python 3.x with the 'requests' library installed
nomisec
WORKING POC
13 stars
by whokilleddb · remote
https://github.com/whokilleddb/CVE-2022-26134-Confluence-RCE
This repository contains a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. The exploit allows unauthenticated remote code execution by injecting malicious OGNL expressions into the target URL.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Target Confluence instance vulnerable to CVE-2022-26134 · Network access to the target
nomisec
WORKING POC
11 stars
by redhuntlabs · remote
https://github.com/redhuntlabs/ConfluentPwn
This repository contains a Go-based scanner and exploit for CVE-2022-26134, a pre-auth OGNL injection vulnerability in Confluence leading to remote code execution. The tool detects vulnerable Confluence instances and executes arbitrary commands via a crafted payload.
Classification
Working Poc | Scanner 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable Confluence version
nomisec
WORKING POC
11 stars
by iveresk · remote
https://github.com/iveresk/cve-2022-26134
This repository contains a functional PoC for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The exploit allows unauthenticated remote code execution by injecting a malicious payload into the target server, which executes arbitrary commands and returns the output in the response header.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center versions 7.18 and lower
No auth needed
Prerequisites:
Network access to the target Confluence instance · Target must be running a vulnerable version of Confluence
nomisec
WORKING POC
9 stars
by MaskCyberSecurityTeam · remote
https://github.com/MaskCyberSecurityTeam/CVE-2022-26134_Behinder_MemShell
This repository contains a working PoC for CVE-2022-26134, a vulnerability in Apache Struts2, which exploits a remote code execution flaw to deploy a Behinder memory shell. The exploit uses a JavaScript payload to dynamically load and execute a malicious class in memory.
Classification
Working Poc 95%
Target:
Apache Struts2 (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Target server running vulnerable Apache Struts2 · Network access to the target
nomisec
WORKING POC
8 stars
by abhishekmorla · poc
https://github.com/abhishekmorla/CVE-2022-26134
This repository contains a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The exploit sends a crafted payload to execute arbitrary commands on vulnerable systems and includes a Shodan script to identify potential targets.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Target IP list · Network access to vulnerable Confluence instance
nomisec
SCANNER
8 stars
by offlinehoster · poc
https://github.com/offlinehoster/CVE-2022-26134
This repository contains scripts to detect indicators of compromise (IOCs) related to CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The scripts check for malicious IPs in logs and verify file hashes of potentially compromised files.
Classification
Scanner 90%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
access to server logs or file system · list of malicious IPs or file hashes
nomisec
WORKING POC
7 stars
by keven1z · poc
https://github.com/keven1z/CVE-2022-26134
This is a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Confluence Server and Data Center. It constructs a malicious payload to execute arbitrary commands via a crafted URL, leveraging Java's ProcessBuilder for command execution.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (multiple versions)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Confluence · Network access to the target
nomisec
WORKING POC
5 stars
by BBD-YZZ · remote
https://github.com/BBD-YZZ/Confluence-RCE
This repository contains a functional exploit for CVE-2022-26134, a Confluence RCE vulnerability, with a GUI interface for executing commands and reverse shells. The PoC includes multiple Confluence CVEs and supports proxy configurations.
Classification
Working Poc 90%
Target:
Atlassian Confluence
No auth needed
Prerequisites:
Network access to vulnerable Confluence instance · Python environment
nomisec
WORKING POC
4 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2022-26134
This repository contains a functional exploit for CVE-2022-26134, a pre-authentication remote code execution vulnerability in Atlassian Confluence via OGNL injection. The exploit supports both direct command execution and reverse shell payloads, with options for interactive shell sessions.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to vulnerable Confluence instance · Python 3 environment with required libraries
nomisec
WORKING POC
4 stars
by li8u99 · poc
https://github.com/li8u99/CVE-2022-26134
This is a functional proof-of-concept exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. It executes arbitrary commands (e.g., 'id') via a crafted URL path and retrieves the output via the 'X-Cmd-Response' header.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Atlassian Confluence
nomisec
WORKING POC
4 stars
by kh4sh3i · poc
https://github.com/kh4sh3i/CVE-2022-26134
This repository contains a Python-based PoC for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. The exploit allows unauthenticated remote code execution by injecting malicious OGNL expressions via HTTP requests.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions before 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Target must be running a vulnerable version of Confluence
nomisec
WRITEUP
4 stars
by archanchoudhury · poc
https://github.com/archanchoudhury/Confluence-CVE-2022-26134
This repository provides a detailed analysis of CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. It includes detection strategies, mitigation plans, and indicators of compromise (IOCs) but does not contain exploit code.
Classification
Writeup 100%
Target:
Atlassian Confluence Server and Data Center
No auth needed
Prerequisites:
Internet-facing Confluence Server or Data Center instance · Unpatched version of Confluence
nomisec
WORKING POC
4 stars
by Y000o · poc
https://github.com/Y000o/Confluence-CVE-2022-26134
This repository contains a working proof-of-concept exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The exploit uses a crafted HTTP request to execute arbitrary commands via the Nashorn JavaScript engine.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Target Confluence instance exposed to the internet or accessible via network · Nashorn JavaScript engine available in the target environment
nomisec
WORKING POC
4 stars
by alcaparra · poc
https://github.com/alcaparra/CVE-2022-26134
This repository contains a functional proof-of-concept exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. The exploit allows unauthenticated remote code execution by injecting a payload that executes arbitrary commands and returns the output in an HTTP response header.
Classification
Working Poc 100%
Target:
Atlassian Confluence Server and Data Center (affected versions)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence Server/Data Center
nomisec
SCANNER
3 stars
by cbk914 · poc
https://github.com/cbk914/CVE-2022-26134_check
This repository contains a Python script that checks for the presence of CVE-2022-26134, a remote code execution vulnerability in Atlassian Confluence. The script sends an HTTP GET request to a specific endpoint and checks the response for indicators of vulnerability.
Classification
Scanner 90%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to the target Confluence server
nomisec
WORKING POC
3 stars
by skhalsa-sigsci · remote
https://github.com/skhalsa-sigsci/CVE-2022-26134-LAB
This repository provides a Docker-based vulnerable environment for CVE-2022-26134, an OGNL injection vulnerability in Confluence Server/Data Center. It includes detection via Nuclei, demonstrating unauthenticated RCE via URI-based payloads.
Classification
Working Poc | Scanner 90%
Target:
Atlassian Confluence Server/Data Center (unpatched versions)
No auth needed
Prerequisites:
Docker · Nuclei · vulnerable Confluence instance
nomisec
WRITEUP
3 stars
by Vulnmachines · poc
https://github.com/Vulnmachines/Confluence-CVE-2022-26134
This repository contains a writeup and video PoC for CVE-2022-26134, an unauthenticated OGNL injection vulnerability in Atlassian Confluence Server and Data Center. The vulnerability allows remote code execution without authentication.
Classification
Writeup 90%
Target:
Atlassian Confluence Server and Data Center
No auth needed
Prerequisites:
Network access to the target Confluence instance
nomisec
WORKING POC
3 stars
by KeepWannabe · poc
https://github.com/KeepWannabe/BotCon
This repository contains a functional PoC for CVE-2022-26134, an unauthenticated OGNL injection vulnerability in Atlassian Confluence. The exploit leverages a crafted payload to execute arbitrary commands and retrieve output via HTTP response headers.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions after 1.3.0)
No auth needed
Prerequisites:
Network access to vulnerable Confluence instance · Bash environment for script execution
nomisec
WORKING POC
3 stars
by cai-niao98 · remote
https://github.com/cai-niao98/CVE-2022-26134
This is a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Apache Struts2, allowing remote command execution via crafted payloads. It includes both command execution and reverse shell capabilities.
Classification
Working Poc 95%
Target:
Apache Struts2 (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Apache Struts2 · Network access to the target
nomisec
WORKING POC
3 stars
by CatAnnaDev · poc
https://github.com/CatAnnaDev/CVE-2022-26134
This is a functional exploit for CVE-2022-26134, targeting an OGNL injection vulnerability in Atlassian Confluence. It supports reverse shell execution and file reading via crafted payloads sent to the vulnerable endpoint.
Classification
Working Poc 95%
Target:
Atlassian Confluence (All LTS <= 7.13.6 and all others <= 7.18.0)
No auth needed
Prerequisites:
Network access to the vulnerable Confluence instance · Nashorn JavaScript engine available on the target
nomisec
WORKING POC
3 stars
by kyxiaxiang · poc
https://github.com/kyxiaxiang/CVE-2022-26134
This PoC exploits CVE-2022-26134, a remote code execution vulnerability in Apache Struts2, by sending a crafted HTTP request with an OGNL expression to execute arbitrary commands. The script reads target URLs from a file and checks for vulnerability by executing the 'id' command.
Classification
Working Poc 90%
Target:
Apache Struts2 (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
List of target URLs in a file named 'url.txt'
nomisec
WORKING POC
2 stars
by p4b3l1t0 · remote
https://github.com/p4b3l1t0/confusploit
This is a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. It allows unauthenticated remote code execution by injecting a payload via a crafted URL.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center
No auth needed
Prerequisites:
Target must be running a vulnerable version of Atlassian Confluence Server or Data Center · Network access to the target
nomisec
WORKING POC
2 stars
by Yuri08loveElaina · remote
https://github.com/Yuri08loveElaina/CVE-2022-26134
This repository contains a functional Python exploit for CVE-2022-26134, an unauthenticated OGNL injection vulnerability in Atlassian Confluence. The exploit supports command execution, reverse shells, file uploads, and log cleaning.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server 7.3.5
No auth needed
Prerequisites:
Python 3.x · Network access to target Confluence server
nomisec
WORKING POC
2 stars
by f4yd4-s3c · remote
https://github.com/f4yd4-s3c/cve-2022-26134
This is a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. It allows remote command execution by leveraging an OGNL expression to execute arbitrary commands and retrieve their output via HTTP headers.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions 1.3.0 to 7.18.1, excluding patched versions)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Atlassian Confluence
nomisec
WORKING POC
2 stars
by b4dboy17 · remote
https://github.com/b4dboy17/CVE-2022-26134
This repository contains a functional Python-based proof-of-concept exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The exploit allows unauthenticated remote code execution by injecting a malicious payload into the target URL, which executes arbitrary commands and returns the output via the 'X-Cmd-Response' header.
Classification
Working Poc 100%
Target:
Atlassian Confluence Server and Data Center (versions after 1.3.0 and below 7.18.1)
No auth needed
Prerequisites:
Python 3.3+ · Target must be running a vulnerable version of Atlassian Confluence · Network access to the target
nomisec
WORKING POC
2 stars
by twoning · poc
https://github.com/twoning/CVE-2022-26134-PoC
This PoC exploits CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence, allowing unauthenticated remote code execution via crafted HTTP requests. The script uses the `pocsuite3` framework to verify and exploit the vulnerability by injecting an OGNL expression that executes the `id` command.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server/Data Center
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence
nomisec
WORKING POC
2 stars
by Debajyoti0-0 · remote
https://github.com/Debajyoti0-0/CVE-2022-26134
This repository contains a functional Python-based proof-of-concept exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The exploit allows unauthenticated remote code execution by injecting a malicious payload into the target URL, which leverages Java runtime commands to execute arbitrary system commands.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions after 1.3.0 and below 7.18.1)
No auth needed
Prerequisites:
Python 3.3+ · Target Confluence instance accessible via HTTP/HTTPS · Network connectivity to the target
nomisec
WORKING POC
2 stars
by ColdFusionX · poc
https://github.com/ColdFusionX/CVE-2022-26134
This repository provides a working proof-of-concept exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The exploit leverages a crafted payload to achieve remote code execution (RCE) by injecting OGNL expressions that execute system commands.
Classification
Working Poc 95%
Target:
Atlassian Confluence 7.13.6
No auth needed
Prerequisites:
Docker environment for testing · Network access to the target Confluence instance
nomisec
WORKING POC
2 stars
by Brucetg · poc
https://github.com/Brucetg/CVE-2022-26134
This is a functional PoC for CVE-2022-26134, an unauthenticated OGNL injection vulnerability in Atlassian Confluence. It exploits the vulnerability to execute arbitrary commands via a crafted payload and retrieves the output via the X-Response header.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Atlassian Confluence · Network access to the target
nomisec
WORKING POC
1 stars
by 404fu · remote
https://github.com/404fu/CVE-2022-26134-POC
This is a Python-based exploit for CVE-2022-26134, an OGNL injection vulnerability in Confluence. It allows remote command execution by crafting a malicious URL with an OGNL payload that executes arbitrary commands and returns the output via a custom HTTP header.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence
nomisec
WORKING POC
1 stars
by acfirthh · remote
https://github.com/acfirthh/CVE-2022-26134
This is a functional PoC for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. It allows unauthenticated remote code execution by injecting malicious OGNL expressions via a crafted HTTP request.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions 1.3.0-7.4.17, 7.13.0-7.13.7, 7.14.0-7.14.3, 7.15.0-7.17.4, 7.18.0-7.18.1)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Python environment with 'requests' and 'BeautifulSoup' libraries
nomisec
WORKING POC
1 stars
by kelemaoya · remote
https://github.com/kelemaoya/CVE-2022-26134
This PoC exploits CVE-2022-26134, a remote code execution vulnerability in Atlassian Confluence. It uses an OGNL injection via a crafted URL to execute arbitrary commands (e.g., 'id') and retrieves the output via the 'X-Cmd-Response' header.
Classification
Working Poc 90%
Target:
Atlassian Confluence (all versions)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Atlassian Confluence · Network access to the target
nomisec
WORKING POC
1 stars
by kailing0220 · remote
https://github.com/kailing0220/CVE-2022-26134
This PoC exploits CVE-2022-26134, an OGNL injection vulnerability in Confluence Server and Data Center, allowing unauthenticated remote code execution via a crafted URL. The script uses the pocsuite3 framework to verify and exploit the vulnerability by executing the 'id' command.
Classification
Working Poc 90%
Target:
Atlassian Confluence Server and Data Center
No auth needed
Prerequisites:
Target must be running a vulnerable version of Confluence Server or Data Center
nomisec
WORKING POC
1 stars
by coskper-papa · poc
https://github.com/coskper-papa/CVE-2022-26134
This exploit leverages an OGNL injection vulnerability in Apache Struts2 (CVE-2022-26134) to execute arbitrary commands on the target system. The payload uses reflection to invoke Java Runtime.exec() and returns the command output via an HTTP response header.
Classification
Working Poc 95%
Target:
Apache Struts2 (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Apache Struts2 · Network access to the target
nomisec
WRITEUP
1 stars
by r1skkam · poc
https://github.com/r1skkam/TryHackMe-Atlassian-CVE-2022-26134
This repository is a writeup for CVE-2022-26134, an unauthenticated RCE vulnerability in Atlassian Confluence Server and Data Center. It provides explanations, references, and links to exploitation resources but does not contain actual exploit code.
Classification
Writeup 90%
Target:
Atlassian Confluence Server and Data Center
No auth needed
Prerequisites:
Access to a vulnerable Confluence instance
nomisec
WORKING POC
1 stars
by Habib0x0 · poc
https://github.com/Habib0x0/CVE-2022-26134
This is a functional Ruby exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence allowing unauthenticated remote code execution. The script sends a crafted HTTP request to execute arbitrary commands via OGNL injection and retrieves output via response headers.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions before the fix)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence (pre-patch)
nomisec
WORKING POC
1 stars
by reubensammut · poc
https://github.com/reubensammut/cve-2022-26134
This repository contains a Python-based exploit for CVE-2022-26134, targeting a command injection vulnerability in Apache Struts2. The exploit bypasses `isSafeExpression` checks and supports both single-command execution and an interactive shell mode.
Classification
Working Poc 95%
Target:
Apache Struts2 (versions including 7.18.0)
No auth needed
Prerequisites:
Network access to the target Struts2 application · Vulnerable version of Struts2
nomisec
SCANNER
1 stars
by ma1am · poc
https://github.com/ma1am/CVE-2022-26134-Exploit-Detection
This repository provides a Yara rule for detecting exploits targeting CVE-2022-26134, a critical RCE vulnerability in Atlassian Confluence. It includes instructions for using ClamAV to scan for indicators of compromise.
Classification
Scanner 90%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
ClamAV installed · Yara rule file
nomisec
WORKING POC
1 stars
by 0xAgun · poc
https://github.com/0xAgun/CVE-2022-26134
This exploit leverages CVE-2022-26134, an OGNL injection vulnerability in Apache Struts2, to execute arbitrary commands via a crafted payload. The payload uses runtime execution and response header manipulation to return command output.
Classification
Working Poc 95%
Target:
Apache Struts2 (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Apache Struts2 · Network access to the target
nomisec
WORKING POC
1 stars
by axingde · remote
https://github.com/axingde/CVE-2022-26134
This PoC exploits CVE-2022-26134, an OGNL injection vulnerability in Apache Struts2, to execute arbitrary commands (e.g., 'id') via a crafted URL. The exploit leverages the vulnerable endpoint to trigger command execution and retrieves the output via a custom HTTP header.
Classification
Working Poc 95%
Target:
Apache Struts2 (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Apache Struts2 · Network access to the target
nomisec
WORKING POC
1 stars
by shamo0 · poc
https://github.com/shamo0/CVE-2022-26134
This repository contains a functional PoC exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. The exploit leverages unauthenticated remote code execution via a crafted URI path to execute arbitrary commands on the target system.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions prior to 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Target must be running a vulnerable version of Confluence
nomisec
WORKING POC
by crypt0lith · remote
https://github.com/crypt0lith/confluence-ognl-rce
This repository contains a functional Python exploit for CVE-2022-26134, an unauthenticated OGNL injection vulnerability in Atlassian Confluence. The exploit supports RCE via base64-encoded commands, file reads, and reverse shells, with additional features like vulnerability checks and interface-to-address resolution.
Classification
Working Poc 95%
Target:
Atlassian Confluence Data Center and Server (versions 1.3.0 to 7.4.16, 7.13.0 to 7.13.6, 7.14.0 to 7.14.2, 7.15.0 to 7.15.1, 7.16.0 to 7.16.3, 7.17.0 to 7.17.3, 7.18.0)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Python 3 environment with required libraries (requests, bs4)
gitlab
WORKING POC
by 0xSamy · poc
https://gitlab.com/0xSamy/cve-2022-26134
The repository contains a functional Python exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The exploit sends a crafted payload to execute arbitrary commands on vulnerable Confluence Server or Data Center instances, with the output returned in the 'X-Cmd-Response' header.
Classification
Working Poc 100%
Target:
Atlassian Confluence Server and Data Center (versions after 1.3.0 and below 7.18.1)
No auth needed
Prerequisites:
Python 3.3+ · requests library · BeautifulSoup library
gitlab
WORKING POC
by digipenguin · remote
https://gitlab.com/digipenguin/CVE-2022-26134
This repository contains a functional Python exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The exploit sends a crafted payload to execute arbitrary commands on vulnerable Confluence Server or Data Center instances, with the output returned in the 'X-Cmd-Response' header.
Classification
Working Poc 100%
Target:
Atlassian Confluence Server and Data Center (versions after 1.3.0 and below 7.18.1)
No auth needed
Prerequisites:
Python 3.3+ · requests library · BeautifulSoup library
nomisec
WORKING POC
by thetowsif · remote
https://github.com/thetowsif/CVE-2022-26134
This is a Python-based exploit for CVE-2022-26134, an unauthenticated remote code execution vulnerability in Atlassian Confluence Server and Data Center. It leverages OGNL injection to execute arbitrary commands on vulnerable systems.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions > 7.18.1)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Atlassian Confluence · Network access to the target system
nomisec
STUB
by tpdlshdmlrkfmcla · poc
https://github.com/tpdlshdmlrkfmcla/cve-2022-26134
The repository contains only a README.md with minimal and incomplete information about CVE-2022-26134, mentioning Atlassian Confluence Data Center 2016 and OGNL injection. No functional exploit code or technical details are provided.
Target:
Atlassian Confluence Data Center 2016
No auth needed
Prerequisites:
none specified
nomisec
WORKING POC
by Khalidhaimur · remote
https://github.com/Khalidhaimur/CVE-2022-26134
This repository provides a functional proof-of-concept exploit for CVE-2022-26134, an unauthenticated RCE vulnerability in Atlassian Confluence. The exploit leverages OGNL injection via the Nashorn JavaScript engine to execute a reverse shell payload.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions before the patched release)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Listener set up on the attacking machine
nomisec
WORKING POC
by Gilospy · poc
https://github.com/Gilospy/CVE-2022-26134
This PoC exploits CVE-2022-26134, an OGNL injection vulnerability in Confluence Server, allowing remote command execution via crafted HTTP requests. It includes interactive command execution and a backdoor creation feature using netcat.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to target Confluence Server on port 8090 · Vulnerable version of Confluence Server
nomisec
WORKING POC
by cc3305 · remote
https://github.com/cc3305/CVE-2022-26134
This is a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. It allows unauthenticated remote code execution by crafting a malicious request that executes arbitrary commands via Runtime.exec().
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions > 1.3.0 and < 7.4.17, < 7.13.7, < 7.14.3, < 7.15.2, < 7.16.4, < 7.17.4, < 7.18.1)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Target must be running a vulnerable version
nomisec
WORKING POC
by xsxtw · poc
https://github.com/xsxtw/CVE-2022-26134
This is a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence allowing pre-authentication remote code execution. The exploit sends a crafted HTTP request with an OGNL payload to execute arbitrary commands on the target system.
Classification
Working Poc 95%
Target:
Atlassian Confluence (affected versions)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence
nomisec
WORKING POC
by DARKSTUFF-LAB · remote
https://github.com/DARKSTUFF-LAB/-CVE-2022-26134
This repository contains a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. The exploit allows unauthenticated remote code execution by injecting a malicious OGNL expression into the target URL.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions < 7.4.17, < 7.18.1)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Python 3 environment with 'requests' library
nomisec
WORKING POC
by yTxZx · remote
https://github.com/yTxZx/CVE-2022-26134
This is a functional PoC for CVE-2022-26134, an OGNL injection vulnerability in Confluence Server and Data Center. The script exploits the vulnerability to execute arbitrary commands via a crafted URI, retrieving the output in the response headers.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions >= 1.3.0 and < 7.4.17, < 7.13.7, < 7.14.3, < 7.15.2, < 7.16.4, < 7.17.4, < 7.18.1)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Target must be running a vulnerable version of Confluence
nomisec
WRITEUP
by Muhammad-Ali007 · poc
https://github.com/Muhammad-Ali007/Atlassian_CVE-2022-26134
This repository contains a detailed writeup on CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence leading to unauthenticated remote code execution. It includes exploitation details, detection methods, and patching guidance.
Classification
Writeup 100%
Target:
Atlassian Confluence Server and Data Center (versions 1.3.0 to 7.18.1, excluding patched versions)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence
nomisec
WORKING POC
by wjlin0 · remote
https://github.com/wjlin0/CVE-2022-26134
This Go-based PoC exploits CVE-2022-26134, an OGNL injection vulnerability in Apache Struts2, to achieve remote command execution via crafted HTTP requests. It checks for vulnerability presence and allows interactive command execution on vulnerable targets.
Classification
Working Poc 95%
Target:
Apache Struts2 (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to vulnerable Struts2 instance · Exposed endpoint with vulnerable configuration
nomisec
WORKING POC
by xanszZZ · remote
https://github.com/xanszZZ/ATLASSIAN-Confluence_rce
This is a functional PoC for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center. The exploit leverages the `pocsuite3` framework to execute arbitrary commands (e.g., `id`) via a crafted URL and checks for the presence of the `X-Cmd-Response` header in the response.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions 1.3.0 to 7.4.16, 7.13.0 to 7.13.6, 7.14.0 to 7.14.2, 7.15.0 to 7.15.1, 7.16.0 to 7.16.3, 7.17.0 to 7.17.3, 7.18.0)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Atlassian Confluence · Network access to the target server
nomisec
WORKING POC
by latings · remote
https://github.com/latings/CVE-2022-26134
This is a functional PoC for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence allowing unauthenticated remote code execution. The script sends a crafted HTTP request to trigger the vulnerability and checks for the presence of command execution output in the response headers.
Classification
Working Poc 95%
Target:
Atlassian Confluence < 7.18.1
No auth needed
Prerequisites:
Network access to the target Confluence instance
nomisec
WORKING POC
by yyqxi · remote
https://github.com/yyqxi/CVE-2022-26134
This PoC exploits CVE-2022-26134, a remote code execution vulnerability in Atlassian Confluence. It uses an OGNL injection via a crafted URL to execute arbitrary commands (e.g., 'id') and retrieves the output via the 'X-Cmd-Response' header.
Classification
Working Poc 90%
Target:
Atlassian Confluence (all versions)
No auth needed
Prerequisites:
Network access to the target Confluence instance
nomisec
WORKING POC
by CJ-0107 · remote
https://github.com/CJ-0107/cve-2022-26134
This is a PoC for CVE-2022-26134, a remote code execution vulnerability in Atlassian Confluence. The exploit uses a crafted URL with OGNL injection to execute arbitrary commands (e.g., 'id') and retrieves the output via the 'X-Cmd-Response' header.
Classification
Working Poc 90%
Target:
Atlassian Confluence
No auth needed
Prerequisites:
Target must be running a vulnerable version of Atlassian Confluence · Network access to the target
nomisec
WORKING POC
by yigexioabai · remote
https://github.com/yigexioabai/CVE-2022-26134-cve1
This PoC exploits CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence, to achieve remote code execution. It sends a crafted HTTP request with an OGNL payload to execute the 'id' command and retrieves the output via the 'X-Cmd-Response' header.
Classification
Working Poc 90%
Target:
Atlassian Confluence
No auth needed
Prerequisites:
Target must be running a vulnerable version of Atlassian Confluence · Network access to the target
nomisec
WORKING POC
by shiftsansan · poc
https://github.com/shiftsansan/CVE-2022-26134-Console
This PoC exploits CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence, allowing remote command execution via a crafted payload. It checks the target version and executes arbitrary commands, returning the output via an HTTP header.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Target must be vulnerable to CVE-2022-26134
nomisec
WORKING POC
by Luchoane · poc
https://github.com/Luchoane/CVE-2022-26134_conFLU
This repository contains a functional proof-of-concept exploit for CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence. The exploit allows remote command execution by leveraging the vulnerable endpoint to execute arbitrary commands via a crafted payload.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Atlassian Confluence
nomisec
SCANNER
by sunny-kathuria · poc
https://github.com/sunny-kathuria/exploit_CVE-2022-26134
This repository contains a scanner for CVE-2022-26134, an OGNL injection vulnerability in Confluence Server/Data Center. It queries Shodan for potential targets and checks for vulnerability by executing a 'whoami' command via the payload.
Classification
Scanner 90%
Target:
Atlassian Confluence Server/Data Center
No auth needed
Prerequisites:
Shodan API key · Python environment with required libraries
nomisec
SCANNER
by vesperp · poc
https://github.com/vesperp/CVE-2022-26134-Confluence
This repository contains a Python script that scans for CVE-2022-26134, a remote code execution vulnerability in Atlassian Confluence. The script checks for the presence of the vulnerability by attempting to execute the 'id' command and checking for a response containing 'uid'.
Classification
Scanner 90%
Target:
Atlassian Confluence
No auth needed
Prerequisites:
A list of target URLs in a file named 'target.txt'
vulncheck_xdb
WORKING POC
remote
https://github.com/Agentgilspy/CVE-2022-26134
This repository contains a functional exploit for CVE-2022-26134, an OGNL injection vulnerability in Confluence Server. The exploit allows remote command execution by crafting a malicious payload that is sent to the target server, leveraging the vulnerable endpoint to execute arbitrary commands.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server
No auth needed
Prerequisites:
Target must be running a vulnerable version of Confluence Server · Network access to the target server on port 8090
metasploit
WORKING POC
EXCELLENT
by Unknown, bturner-r7, jbaines-r7, Spencer McIntyre · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_namespace_ognl_injection.rb
This Metasploit module exploits CVE-2022-26134, an OGNL injection vulnerability in Atlassian Confluence, to achieve remote code execution. It uses a crafted URI to inject OGNL expressions, enabling command execution on Unix and Windows systems.
Classification
Working Poc 100%
Target:
Atlassian Confluence (versions affected by CVE-2022-26134)
No auth needed
Prerequisites:
Network access to the Confluence server · Confluence server exposed on port 8090 (default)