nmap-CVE-2022-29464 is an NSE script for detecting CVE-2022-29464 vulnerability. Unauthorized and unrestricted arbitrary file transfer vulnerability that allows unauthenticated attackers to obtain RCEs on WSO2 servers by sending malicious JSP files.
See good writeup and PoC here.
┌──(kali㉿kali)-[~/nmap-CVE-2022-29464]
└─$ nmap 127.0.0.1 --script=./nmap-CVE-2022-29464.nse
(...)
PORT STATE SERVICE
80/tcp open http
| nmap-CVE-2022-29464:
| VULNERABLE:
| CVE-2022-29464
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2022-29464
| Check results:
| 127.0.0.1:8080/authenticationendpoint/shell.jsp
| References:
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464
We can use several variables in the script. These are as follows:
path
- relative url. Onhttps://bugspace.pl/fileupload/toolsAny
it will be/fileupload/toolsAny
. The default path is/fileupload/toolsAny
,filename
- file name on the server. The default name isshell.jsp
.
Soon
Same as Nmap. See https://nmap.org/book/man-legal.html