POC详情: 002e0c8f894a5b8f603c382c3531dea9b20302bb

来源
https://github.com/smadi0x86/CVE-2021-26084
关联漏洞
标题: Atlassian Confluence Server 注入漏洞 (CVE-2021-26084)
描述:Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能,并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server and Data Center 存在注入漏洞,经过身份验证的用户在Confluence 服务器或数据中心实例上执行任意代码。以下产品及版本收到影响:All 4.x.x versions、All 5.x.x versions、All 6.0.x versions、All 6.1.x ver
描述
Confluence server webwork OGNL injection
介绍
<h1 align="right">
  <br>
  <a href="https://github.com/smadi0x86/CVE-2021-26084"><img src="https://upload.wikimedia.org/wikipedia/commons/thumb/8/88/Atlassian_Confluence_2017_logo.svg/2560px-Atlassian_Confluence_2017_logo.svg.png" alt="confluence.logo"></a>
  <br>
  CVE-2021-26084
  <br>
</h1>

<h3 align="center">An OGNL injection vulnerability exists that would allow an authenticated user and in some instances unauthenticated user to execute arbitrary code on a confluence server or data center instance.</h3>

<p align="center">
  <a href="">
    <img src="https://img.shields.io/badge/python-py-yellow.svg">
    <img src="https://img.shields.io/badge/General-Exploits-black.svg">
  </a>
  </p>

## ✅ QueryString param request :

![131630570-857df5dd-525d-43ec-9466-5c92ac9c1322](https://user-images.githubusercontent.com/75253629/132122042-3df60e2a-4105-4648-8b65-2a31347b64a6.png)

## ☢️ Usage :
``$ python3 CVE-2021-26084_Confluence.py -u http://website.com``

## 📜 References :
- https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
- https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md

## ⚠️ Disclaimer :
- I am not responsible for any misuse of this information, its only for education purposes 

## 📞 Contact :
<p align="center">
<a href="https://linkedin.com/in/saud-smadi" target="blank"><img align="center" src="https://cdn.jsdelivr.net/npm/simple-icons@3.0.1/icons/linkedin.svg" alt="smadi" height="25" width="25" /></a>
<a href="https://twitter.com/@smadi0x86" target="blank"><img align="center" src="https://cdn.jsdelivr.net/npm/simple-icons@7.5.0/icons/twitter.svg" alt="smadi" height="25" width="25" /></a>
<a href="https://t.me/rootsmadi" target="blank"><img align="center" src="https://cdn.jsdelivr.net/npm/simple-icons@3.0.1/icons/telegram.svg" alt="smadi" height="25" width="25" /></a>
<a href="https://smadi0x86-blog.gitbook.io/smadi0x86-blog/" target="blank"><img align="center" src="https://cdn.jsdelivr.net/npm/simple-icons@7.5.0/icons/gitbook.svg" alt="smadi" height="25" width="25" /></a>
</p>
文件快照

 [4.0K]  /data/pocs/002e0c8f894a5b8f603c382c3531dea9b20302bb
├── [3.2K]  CVE-2021-26084_Confluence.py
├── [2.0K]  README.md
└── [6.6K]  vulnsites.txt

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。