nmap-CVE-2022-29464

nmap-CVE-2022-29464 is an NSE script for detecting the CVE-2022-29464 vulnerability: an unauthorized and unrestricted arbitrary file transfer vulnerability that allows unauthenticated attackers to obtain RCE on WSO2 servers by sending malicious JSP files.

Vulnerability

See a good writeup and PoC here.

Usage

┌──(kali㉿kali)-[~/nmap-CVE-2022-29464]
└─$ nmap 127.0.0.1 --script=./nmap-CVE-2022-29464.nse
(...)
PORT   STATE SERVICE
80/tcp open  http
| nmap-CVE-2022-29464:
|   VULNERABLE:
|   CVE-2022-29464
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2022-29464
|     Check results:
|       127.0.0.1:8080/authenticationendpoint/shell.jsp
|     References:
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464

Arguments

The script accepts the following arguments:

  • path - relative URL. For https://bugspace.pl/fileupload/toolsAny it is /fileupload/toolsAny. The default path is /fileupload/toolsAny.
  • filename - file name on the server. The default name is shell.jsp.
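
For the defensive side of the same check, the following added example (not part of this repository) scans web access logs for POST requests to the default path above and for later JSP requests under the directory shown in the script's "Check results" line. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Defaults from this README: the upload endpoint and the directory that appears
# in the script's "Check results" output.
UPLOAD_PATH = "/fileupload/toolsAny"
DROP_DIR = "/authenticationendpoint/"

# Assumption: access logs are in Apache/Nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_probes(lines, upload_path=UPLOAD_PATH, drop_dir=DROP_DIR):
    """Map client IP -> upload POSTs and any later .jsp requests under drop_dir."""
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format
        ip = m["ip"]
        path = m["uri"].split("?", 1)[0]
        event = (m["ts"], path, int(m["status"]))
        if m["method"] == "POST" and path.rstrip("/") == upload_path.rstrip("/"):
            findings.setdefault(ip, {"uploads": [], "jsp_hits": []})["uploads"].append(event)
        elif ip in findings and path.startswith(drop_dir) and path.lower().endswith(".jsp"):
            # Same client requested a JSP after its upload attempt. A follow-up from
            # a different address is not correlated by this simple check.
            findings[ip]["jsp_hits"].append(event)
    return findings

def triage(findings):
    """Label clients: 'upload-then-jsp' if a JSP was served (200) after the POST."""
    return {
        ip: "upload-then-jsp" if any(s == 200 for _, _, s in f["jsp_hits"]) else "upload-attempt"
        for ip, f in findings.items()
    }

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Apr/2022:10:01:02 +0000] "POST /fileupload/toolsAny HTTP/1.1" 200 17
198.51.100.7 - - [20/Apr/2022:10:01:03 +0000] "GET /authenticationendpoint/shell.jsp HTTP/1.1" 200 45
203.0.113.9 - - [20/Apr/2022:10:05:00 +0000] "GET /authenticationendpoint/login.jsp HTTP/1.1" 200 5120
203.0.113.20 - - [20/Apr/2022:11:00:00 +0000] "POST /fileupload/toolsAny HTTP/1.1" 404 0
""".splitlines()

if __name__ == "__main__":
    for ip, label in triage(find_upload_probes(SAMPLE_LOG)).items():
        print(ip, label)
```

Results are triage leads rather than proof of compromise; a hit labelled upload-then-jsp warrants checking the named file on disk.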

Tests

Soon

License

Same as Nmap. See https://nmap.org/book/man-legal.html