Forum Discussion
CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run?
I am wondering why, when sharing the commands found in the logs, it still outputs wrong, even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are expecting a different format/snippet of the code, or the GET requests instead?
4 Replies
- SamDickison
Community Manager
Hi kevinh, I've asked for one of our team to help you out with this...
- autom8on
Silver I
You need to look more closely at the contents of the request that was sent - the command they ran is encapsulated in the "exec" command in there somewhere...
- ChrisKershaw
Community Support
Hey kevinh
Thank you for raising a post; I'm sorry that you are encountering some issues solving the lab. I have submitted this to our Cyber Team, to see if they can review what you've tried to solve Task 6 in the lab, and to reach back with some additional guidance to help. Can you leave this with us, and we'll reach back as soon as any information becomes available?
- ChrisKershaw
Community Support