Skip to content

jax7sec/CVE-2022-22954

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

CVE-2022-22954.py

CVE-2022-22954.py

 
 

README.md

README.md

 
 

rce_mode.png

rce_mode.png

 
 

requirements.txt

requirements.txt

 
 

scan_mode.png

scan_mode.png

 
 

Repository files navigation

CVE-2022-22954

漏洞描述

Workspace ONE Access 提供统一应用门户,通过门户可安全访问企业的所有应用,可用于单点登录。CVE-2022-22954 中,攻击者可构造恶意请求造成模板注入,执行任意代码,控制服务器。

参考文章

https://www.tenable.com/blog/vmware-patches-multiple-vulnerabilities-in-workspace-one-vmsa-2022-0011

使用说明

批量扫描模式

python3 CVE-2022-22954.py -m scan -f 123.txt

scan_mode

命令执行模式

python3 CVE-2022-22954.py -u https://xxx.xxx.com:8443 -c id

rce_mode

About

提供批量扫描URL以及执行命令功能。Workspace ONE Access 模板注入漏洞,可执行任意代码

Resources

Readme
Activity

Stars

11 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages