😭
WSOB (CVE-2022-29464)
CVE-2022-29464 details:
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
Source: https://nvd.nist.gov/vuln/detail/CVE-2022-29464
⚡
Installing / Getting started
A quick guide of how to install and use WSOB.
1. Clone the repository - git clone https://github.com/oppsec/wsob.git
2. Install the libraries - pip3 install -r requirements.txt
3. Run WSOB2 - python3 main.py -u https://example.com
⚙️
Pre-requisites
- Python 3 installed on your machine.
- Install the libraries with
pip3 install -r requirements.txt
🔨
Contributing
A quick guide of how to contribute with the project.
1. Create a fork from WSOB repository
2. Download the project with git clone https://github.com/your/wsob.git
3. Make your changes
4. Commit and make a git push
5. Open a pull request
🙏
Credits
- Credits to hakivvi for the original exploit
⚠️
Warning
- The developer is not responsible for any malicious use of this tool.
108 Dec 4, 2021
80 Nov 28, 2022
26 Dec 26, 2022
16 Dec 18, 2022
2 Feb 15, 2022
365 Nov 30, 2022
52 Dec 22, 2022
275 Jan 8, 2023
58 Dec 5, 2022
2 Jan 07, 2022
77 Dec 16, 2022
11 Dec 17, 2022
25 Nov 09, 2022
8 Sep 03, 2022
208 Dec 15, 2022
1.2k Dec 28, 2022
149 Aug 10, 2022
42 Dec 01, 2022
5 May 18, 2022
17 Aug 23, 2021
2 Dec 24, 2021
9 Jun 20, 2022
7 Sep 16, 2022
2 Oct 05, 2022
4 Jan 09, 2022
70 Nov 09, 2022
31 Dec 19, 2022
13 Nov 03, 2022
18 Nov 22, 2021