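Related vulnerability
Title: Atlassian Bamboo security vulnerability (CVE-2024-21689)
Description: Atlassian Bamboo is a Java-based server application for continuous integration builds, made by the Australian company Atlassian. Atlassian Bamboo contains a remote code execution vulnerability that allows an authenticated attacker to execute arbitrary code, affecting confidentiality, integrity, and availability. Affected versions: 9.6.0 to 9.6.4 (LTS), 9.5.0 to 9.5.3, 9.4.0 to 9.4.4, 9.3.0 to 9.3.6, 9.2.1 to 9.2.16 (LTS), 9.1.0 to 9.1.3, and 9.0.0 to 9.0.4.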
Description
CVE-2024-21689 RCE Bamboo Data Center and Server Atlassian POC
Introduction
# CVE-2024-21689 RCE Bamboo Data Center and Server Atlassian
## CVSS Score - 7.6 🔥
## Description
This high-severity RCE (Remote Code Execution) vulnerability, CVE-2024-21689, was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. With a CVSS score of 7.6, it allows an authenticated attacker to execute arbitrary code, with high impact to confidentiality, integrity, and availability, and it requires user interaction.
### Running the Script
- **Single URL Mode**:
```bash
python3 exploit.py -u http://<target-ip>:8090 -c "whoami"
```
- **File Mode** (for multiple IPs):
```bash
python3 exploit.py -f ips.txt -c "whoami"
```
- **Interactive Shell Mode**:
```bash
python3 exploit.py -u http://<target-ip>:8090 --shell
```
- **Nuclei**:
```bash
nuclei exploit.yaml -f file.txt
```
## Contact
Contact me in TOX: 6FDB3C4D5E6F7G8H9I0J1K2L3M4N5O6P7Q8R9S0TQDQ2
File snapshot
[4.0K] /data/pocs/20f3ebf2f69226cd78ea6992c01efb848839477e
├── [ 90] exploit.txt
└── [1011] README.md
0 directories, 2 files