# N/A
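## Overview
The Widget Connector macro in Atlassian Confluence Server contains a vulnerability that allows remote attackers to achieve path traversal and remote code execution via server-side template injection.
## Affected versions
- 6.6.x series: versions before 6.6.12
- 6.12.x series: versions from 6.7.0 before 6.12.3
- 6.13.x series: versions from 6.13.0 before 6.13.3
- 6.14.x series: versions from 6.14.0 before 6.14.2
## Details
An attacker can exploit the vulnerability in the Widget Connector macro, using server-side template injection, to perform path traversal and remote code execution on a Confluence Server or Data Center instance.
## Impact
The vulnerability may allow an attacker to access system files without authorization and execute malicious code, endangering data security and system stability.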

| # | PoC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | Confluence Widget Connector RCE | https://github.com/dothanthitiendiettiende/CVE-2019-3396 | PoC details |
| 2 | Confluence Widget Connector path traversal (CVE-2019-3396) | https://github.com/x-f1v3/CVE-2019-3396 | PoC details |
| 3 | None | https://github.com/xiaoshuier/CVE-2019-3396 | PoC details |
| 4 | CVE-2019-3396 confluence SSTI RCE | https://github.com/Yt1g3r/CVE-2019-3396_EXP | PoC details |
| 5 | Confluence unauthorized RCE (CVE-2019-3396) vulnerability | https://github.com/jas502n/CVE-2019-3396 | PoC details |
| 6 | Confluence Widget Connector RCE | https://github.com/pyn3rd/CVE-2019-3396 | PoC details |
| 7 | None | https://github.com/s1xg0d/CVE-2019-3396 | PoC details |
| 8 | Confluence Widget Connector RCE - ptquan | https://github.com/quanpt103/CVE-2019-3396 | PoC details |
| 9 | Confluence Widget Connector path traversal (CVE-2019-3396) | https://github.com/vntest11/confluence_CVE-2019-3396 | PoC details |
| 10 | https://github.com/Yt1g3r/CVE-2019-3396_EXP.git | https://github.com/tanw923/test1 | PoC details |
| 11 | CVE-2019-3396 vulnerability verification txt and template files. | https://github.com/skommando/CVE-2019-3396-confluence-poc | PoC details |
| 12 | TEST | https://github.com/JonathanZhou348/CVE-2019-3396TEST | PoC details |
| 13 | None | https://github.com/am6539/CVE-2019-3396 | PoC details |
| 14 | For test | https://github.com/W2Ning/CVE-2019-3396 | PoC details |
| 15 | windows.vm | https://github.com/yuehanked/cve-2019-3396 | PoC details |
| 16 | None | https://github.com/abdallah-elsharif/cve-2019-3396 | PoC details |
| 17 | None | https://github.com/46o60/CVE-2019-3396_Confluence | PoC details |
| 18 | Confluence unauthorize template injection | https://github.com/PetrusViet/cve-2019-3396 | PoC details |
| 19 | None | https://github.com/0xNinjaCyclone/cve-2019-3396 | PoC details |
| 20 | CVE-2019-3396 Memshell for Behinder | https://github.com/Avento/CVE-2019-3396-Memshell-for-Behinder | PoC details |
| 21 | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-3396.yaml | PoC details |
| 22 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian%20Confluence%20preview%20SSTI%E6%A8%A1%E7%89%88%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2019-3396.md | PoC details |
| 23 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian%20Confluence%20%E8%B7%AF%E5%BE%84%E7%A9%BF%E8%B6%8A%E4%B8%8E%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2019-3396.md | PoC details |
| 24 | None | https://github.com/chaitin/xray-plugins/blob/main/poc/manual/confluence-cve-2019-3396-lfi.yml | PoC details |
| 25 | | https://github.com/vulhub/vulhub/blob/master/confluence/CVE-2019-3396/README.md | PoC details |
| 26 | CVE-2019-3396 confluence SSTI RCE | https://github.com/kh4sh3i/CVE-2019-3396 | PoC details |
| 27 | None | https://github.com/HK4zCzi/CVE-2019-3396-Velocity-Server-Side-Template-Injection | PoC details |
| 28 | None | https://github.com/tno01/cve-2019-3396 | PoC details |