Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-15053 PoC — Atlassian Confluence Server HTML Include and replace macro插件跨站脚本漏洞

Source
https://github.com/l0nax/CVE-2019-15053
Associated Vulnerability
Title:Atlassian Confluence Server HTML Include and replace macro插件跨站脚本漏洞 (CVE-2019-15053)
Description:Atlassian Confluence Server是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件,也可以用于构建企业WiKi。HTML Include and replace macro是其中的一个在HTML中添加Confluence内容的插件。 HTML Include and replace macro插件(Confluence Server)1.5.0之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Description
(FAB-2019-00156) Vulnerability discoverd by me CVE-2019-15053
Readme
# CVE-2019-15053
(FAB-2019-00156) Vulnerability discoverd by me CVE-2019-15053

Advisory: [advisory.txt](./advisory.txt)

## Basic Info

```
Advisory ID..........: FAB-2019-00156
Product..............: HTML Include and replace macro
Manufacturer.........: The Plugin People
Affected Version(s)..: 1.4.2 and before
Tested Version(s)....: 1.4.2
Vulnerability Type...: Cross-Site Scripting (CWE-79)
Risk Level...........: Medium
CVSS v3.0............: 6.8
Vektor String........: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:F/RL:W
Vendor Homepage......: https://thepluginpeople.atlassian.net/
Software Link........: https://marketplace.atlassian.com/apps/4885/html-include-and-replace-macro
Solution Status......: Reported
Manufacturer Informed: 2019-08-13
Solution Date........: 2019-08-14
Public Disclosure....: 2019-08-14
CVE Reference........: CVE-2019-15053
Author of Advisory...: Francesco Emanuel Bennici, FABMation GmbH
```

## Credits

This security vulnerability was found by _Francesco Emanuel Bennici <eb@fabmation.de>_
of FABMation GmbH.


## Description

HTML Include and replace macro Plugin for Confluence Server adds the possibility
to "import" external HTML Sites within an Confluence Site.
The Plugin/ Macro provides a functionality to disable JavaScript (and/ or)
(CSS) Styles.

An attacker can prepare an HTML page to run JavaScript Code on the Confluence
even if "includeScripts" is set to `false`.

Enabling or Disabling "includeStyles" does not affect the functionality
of the Exploit


## PoC/ Exploit

A working PoC/ Exploit can be found under [`poc/`](poc/).
Upload the Files to an public available Server and include the `index.html` in
a Confluence Page (and disable JavaScript).
Now you can share the Confluence Page with (eg.) an Systemadministrator and if
he access the Site, you can Hijack/ "Copy" his Session.
File Snapshot

 [4.0K]  /data/pocs/0b60b60f52faceef40f4200758a9eef13041e38e
├── [3.3K]  advisory.txt
├── [4.0K]  poc
│   ├── [ 595]  index.html
│   └── [ 207]  s.js
└── [1.8K]  README.md

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.