CVE-2022-26134

Implementation of CVE-2022-26134

This repository contains my implementation of the exploit for CVE-2022-26134. The version implemented here bypasses the isSafeExpression checks in versions such as 7.18.0.

The exploit can be run in two modes:

The first mode allows you to run one command at a time:

python3 cve-2022-26134.py <host> <command>

This would return the output of the command if it succeeds or display an empty line if not

The second mode to run this command is interactive mode:

python3 cve-2022-26134.py <host> -i

This launches a non persistent interactive shell, where you can type commands, which get executed on the server and then display the results. No state is held between commands.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
assets		assets
.DS_Store		.DS_Store
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
cve-2022-26134.py		cve-2022-26134.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2022-26134

About

Releases

Packages

Languages

License

reubensammut/cve-2022-26134

Folders and files

Latest commit

History

Repository files navigation

CVE-2022-26134

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages