gpiechnik2 / nmap-CVE-2022-29464

Repository containing an NSE script for the vulnerability CVE-2022-29464, known as WSO2 RCE.

nmap-CVE-2022-29464

nmap-CVE-2022-29464 is an NSE script for detecting the CVE-2022-29464 vulnerability: an unauthorized and unrestricted arbitrary file transfer vulnerability that allows unauthenticated attackers to obtain RCE on WSO2 servers by sending malicious JSP files.

Vulnerability

See good writeup and PoC here.

Usage

┌──(kali㉿kali)-[~/nmap-CVE-2022-29464]
└─$ nmap 127.0.0.1 --script=./nmap-CVE-2022-29464.nse
(...)
PORT   STATE SERVICE
80/tcp open  http
| nmap-CVE-2022-29464:
|   VULNERABLE:
|   CVE-2022-29464
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2022-29464
|     Check results:
|       127.0.0.1:8080/authenticationendpoint/shell.jsp
|     References:
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464

Arguments

The script accepts the following arguments:

  • path - relative URL. For https://bugspace.pl/fileupload/toolsAny it is /fileupload/toolsAny. The default path is /fileupload/toolsAny.
  • filename - file name on the server. The default name is shell.jsp.
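For defenders, the same two values (the default `path` and the location shown under "Check results") can be searched for in web access logs. The following is an added example, not part of this repository: it assumes Common/Combined Log Format, and the sample log lines, IP addresses and the `find_suspicious` helper are constructed for illustration.

```python
import re

# Assumption: access log lines are in Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_PATH = "/fileupload/toolsAny"      # default `path` argument of the script
DROP_PREFIX = "/authenticationendpoint/"  # location shown in the README's check results

def find_suspicious(lines, upload_path=UPLOAD_PATH, drop_prefix=DROP_PREFIX):
    """Return (uploads, followups).

    uploads:   every POST to the upload path as (timestamp, client, status)
    followups: HTTP 200 requests for a .jsp under drop_prefix made by a client
               whose earlier upload POST was not rejected (status < 400).
               Correlating by client avoids flagging every JSP request.
    """
    uploads, followups, uploaders = [], [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["url"].split("?", 1)[0]
        status = int(m["status"])
        if m["method"] == "POST" and path.rstrip("/").endswith(upload_path):
            uploads.append((m["ts"], m["ip"], status))
            if status < 400:
                uploaders.add(m["ip"])
        elif (path.startswith(drop_prefix) and path.lower().endswith(".jsp")
              and status == 200 and m["ip"] in uploaders):
            followups.append((m["ts"], m["ip"], path))
    return uploads, followups

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Apr/2022:10:01:02 +0000] "GET /carbon/admin/login.jsp HTTP/1.1" 200 4312',
    '192.0.2.10 - - [21/Apr/2022:10:05:11 +0000] "POST /fileupload/toolsAny HTTP/1.1" 200 18',
    '192.0.2.10 - - [21/Apr/2022:10:05:12 +0000] "GET /authenticationendpoint/shell.jsp HTTP/1.1" 200 0',
    '198.51.100.7 - - [21/Apr/2022:10:06:00 +0000] "GET /authenticationendpoint/login.do HTTP/1.1" 200 9000',
    '203.0.113.5 - - [21/Apr/2022:10:07:00 +0000] "POST /fileupload/toolsAny HTTP/1.1" 403 0',
    '203.0.113.5 - - [21/Apr/2022:10:07:01 +0000] "GET /authenticationendpoint/shell.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    ups, hits = find_suspicious(SAMPLE_LOG)
    for ts, ip, status in ups:
        print(f"upload attempt  {ts}  {ip}  status={status}")
    for ts, ip, path in hits:
        print(f"JSP served after upload  {ts}  {ip}  {path}")
```

Any upload attempt is worth reviewing on its own; a follow-up hit indicates the uploaded file was served and the host should be treated as compromised until investigated.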

Tests

Soon

License

Same as Nmap. See https://nmap.org/book/man-legal.html

Languages

Language:Lua 100.0%