Implementation of CVE-2022-26134
This repository contains my implementation of the exploit for CVE-2022-26134. The version implemented here
bypasses the isSafeExpression checks in versions such as 7.18.0.
The exploit can be run in two modes:
The first mode allows you to run one command at a time:
python3 cve-2022-26134.py <host> <command>This would return the output of the command if it succeeds or display an empty line if not
The second mode to run this command is interactive mode:
python3 cve-2022-26134.py <host> -iThis launches a non persistent interactive shell, where you can type commands, which get executed on the server and then display the results. No state is held between commands.
