Monday, June 13, 2022
HomeHackerEasy Honeypot For Atlassian Confluence (CVE-2022-26134)

Easy Honeypot For Atlassian Confluence (CVE-2022-26134)




ConfluencePot is an easy honeypot for the Atlassian Confluence unauthenticated and distant OGNL injection vulnerability (CVE-2022-26134).

Concerning the vulnerability

You’ll find the official advisory by Atlassian to this vulerability right here. For particulars in regards to the internal workings and exploits within the wild it is best to check with the studies by Rapid7 and Cloudflare. Affected however not but patched methods ought to be deemed compromised till additional investigation.

Concerning the instrument

ConfluencePot is written in Golang and implements its personal HTTPS server to attenuate the general assault floor. To make it seem like a legit Confluence occasion it returns a bare-bones model of a Confluence touchdown web page. Log output is written to stdout and a log file on disk. ConfluencePot DOES NOT permit attackers to execute instructions/code in your machine, it solely logs requests and returns a bogus response.

Constructing & Operating it

You want a latest model of Golang to run/construct confluencePot and the suitable privileges to bind to port 443. We suggest to execute it in a tmux session for simpler dealing with. To run ConfluencePot you both have to create a self-signed TLS certificates with openssl or request one from e.g. Let’s Encrypt.

go construct confluencePot.go
./confluencePot

Testing and Points

ConfluencePot was examined utilizing the general public exploit by Nwqda, which appears to be essentially the most used variant within the wild on the time of writing. Should you discover something fallacious with confluencePot please be happy to open a problem or ship us a pull request.

Observe us on Twitter –> @SI_FalconTeam <– to remain updated with our newest analysis. Keep protected!



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments