CVE-2021-26084 PoC — Atlassian Confluence Server 注入漏洞

Source

https://github.com/0xf4n9x/CVE-2021-26084

Associated Vulnerability

Title:Atlassian Confluence Server 注入漏洞 (CVE-2021-26084)
Description:Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能，并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server and Data Center 存在注入漏洞，经过身份验证的用户在Confluence 服务器或数据中心实例上执行任意代码。以下产品及版本收到影响：All 4.x.x versions、All 5.x.x versions、All 6.0.x versions、All 6.1.x ver

Description

CVE-2021-26084 Remote Code Execution on Confluence Servers

Readme

# CVE-2021-26084

CVE-2021-26084 Remote Code Execution on Confluence Servers.

![burp](./imgs/burp.png)

### Dork

Fofa:

app="ATLASSIAN-Confluence"

### Usage

Show help information.

```python
python PoC.py
```

![help](./imgs/help.png)

Vulnerability verification for individual websites.

```
python PoC.py -u https://1.1.1.1
```

![url](./imgs/url.png)

Command execution.

```python
python PoC.py -u https://1.1.1.1 -e 'cat /etc/passwd'
```

![rce](./imgs/rce.png)

Batch testing.

```python
python PoC.py -f urls.txt
```

![file](./imgs/file.png)

### Reference

- https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
- https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-26084.yaml
- https://github.com/h3v0x/CVE-2021-26084_Confluence/

File Snapshot


 [4.0K]  /data/pocs/4ce49a7c8c4393a46b987e4e73d022b6a9d6d0a1
├── [4.0K]  imgs
│   ├── [698K]  burp.png
│   ├── [1.9M]  file.png
│   ├── [344K]  help.png
│   ├── [1.8M]  rce.png
│   └── [ 29K]  url.png
├── [4.9K]  PoC.py
└── [ 789]  README.md

1 directory, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!