/TryHackMe-Atlassian-CVE-2022-26134

Atlassian, CVE-2022-26134 An interactive lab showcasing the Confluence Server and Data Center un-authenticated RCE vulnerability.

TryHackMe | Atlassian, CVE-2022-26134

TryHackMe Atlassian CVE-2022-26134

Atlassian, CVE-2022-26134 An interactive lab showcasing the Confluence Server and Data Center un-authenticated RCE vulnerability.

Task 1 Introduction

Confluence | Your Remote-Friendly Team Workspace | Atlassian

NVD - CVE-2022-26134

image

Task 2 Deploy the Vulnerable Machine

http://10.10.186.32:8090/ image

Task 3 Explaining the Vulnerability

OGNL (Object-Graph Navigation Language) expression language for Java

Task 4 Exploit Detection and Patching

Confluence Security Advisory 2022-06-02 | Confluence Data Center and Server 7.18 | Atlassian Documentation

threat-intel/yara.yar at main · volexity/threat-intel

TryHackMe | Yara

Task 5 Exploitation

URL Encode and Decode - Online

image

Task 6 Conclusion

TryHackMe | Recent Threats

image

NVD - CVE-2022-26134

Hunting for Confluence RCE [CVE-2022–26134] | by th3b3ginn3r | Jun, 2022 | Medium

The Confluence RCE Vulnerability (CVE-2022-26134): Overview, Detection, and Remediation | Datadog

Nwqda/CVE-2022-26134: Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE).</title>

OGNL Injection (OGNL)