
Repository containing an NSE script for the vulnerability CVE-2022-29464, known as WSO2 RCE.


gpiechnik2/nmap-CVE-2022-29464


nmap-CVE-2022-29464

nmap-CVE-2022-29464 is an NSE script for detecting the CVE-2022-29464 vulnerability, an unauthorized and unrestricted arbitrary file transfer vulnerability that allows unauthenticated attackers to obtain RCE on WSO2 servers by sending malicious JSP files.

Vulnerability

See a good writeup and PoC here.

Usage

┌──(kali㉿kali)-[~/nmap-CVE-2022-29464]
└─$ nmap 127.0.0.1 --script=./nmap-CVE-2022-29464.nse
(...)
PORT   STATE SERVICE
80/tcp open  http
| nmap-CVE-2022-29464:
|   VULNERABLE:
|   CVE-2022-29464
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2022-29464
|     Check results:
|       127.0.0.1:8080/authenticationendpoint/shell.jsp
|     References:
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464

Arguments

The script accepts the following arguments:

  • path - relative URL of the upload endpoint. For https://bugspace.pl/fileupload/toolsAny it is /fileupload/toolsAny. The default path is /fileupload/toolsAny.
  • filename - name of the file on the server. The default name is shell.jsp.
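For defenders, the default path and the /authenticationendpoint/ location from the check results above are also what to look for in web access logs. The following triage script is an added example, not part of this repository; it assumes common/combined access-log format and that uploads arrive as POST requests, and the sample log lines are constructed.

```python
import re

# Defaults named in the README above; change them if other script arguments were used.
UPLOAD_PATH = "/fileupload/toolsAny"
DROP_PREFIX = "/authenticationendpoint/"

# Assumption: access log in common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Apr/2022:10:01:12 +0000] "POST /fileupload/toolsAny HTTP/1.1" 200 17
198.51.100.7 - - [21/Apr/2022:10:01:13 +0000] "GET /authenticationendpoint/shell.jsp HTTP/1.1" 200 0
203.0.113.20 - - [21/Apr/2022:10:05:40 +0000] "GET /authenticationendpoint/login.do HTTP/1.1" 200 5120
203.0.113.9 - - [21/Apr/2022:10:07:02 +0000] "POST /fileupload/toolsAny HTTP/1.1" 403 0
"""

def triage(lines):
    """Map client IP -> [(kind, timestamp, path, status)] for matching requests."""
    findings = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        path = m["uri"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path == UPLOAD_PATH:
            kind = "upload-attempt"
        elif path.startswith(DROP_PREFIX) and path.lower().endswith(".jsp"):
            kind = "jsp-request"
        else:
            continue
        findings.setdefault(m["ip"], []).append((kind, m["ts"], path, int(m["status"])))
    return findings

def confirmed(findings):
    """IPs whose upload POST got a 2xx and whose later JSP request also got a 2xx."""
    hits = []
    for ip, events in findings.items():
        uploaded = False
        for kind, _ts, _path, status in events:
            ok = 200 <= status < 300
            if kind == "upload-attempt" and ok:
                uploaded = True
            elif kind == "jsp-request" and ok and uploaded:
                hits.append(ip)
                break
    return hits
```

On a real log, `confirmed(triage(open("access.log")))` lists the clients to investigate first; a rejected POST (such as the 403 in the sample) still appears in `triage()` output as an attempt.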

Tests

Soon

License

Same as Nmap. See https://nmap.org/book/man-legal.html
