关联漏洞
标题:
Atlassian Confluence Server 注入漏洞
(CVE-2021-26084)
描述:Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能,并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server and Data Center 存在注入漏洞,经过身份验证的用户在Confluence 服务器或数据中心实例上执行任意代码。以下产品及版本收到影响:All 4.x.x versions、All 5.x.x versions、All 6.0.x versions、All 6.1.x ver
描述
Confluence Server Webwork OGNL injection
介绍
# CVE-2021-26084 - Confluence Server Webwork OGNL injection
- An OGNL injection vulnerability exists that would allow an authenticated user and in some instances unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
### IMPORTANT
This exploit is only intended to facilitate demonstrations of the vulnerability by researchers. I disapprove of illegal actions and take no responsibility for any malicious use of this script. The proof of concept demonstrated in this repository does not expose any hosts and was performed with permission.
#### • queryString param Request
![]()
### Exploit Usage
#### Commands:
`$ python3 Confluence_OGNLInjection.py -u http://xxxxx.com `
#### or
`$ python3 Confluence_OGNLInjection.py -u http://xxxxx.com -p /pages/createpage-entervariables.action?SpaceKey=x `
#### • Exploitation with Confluence_OGNLInjection.py
- References:
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
https://www.exploit-db.com/exploits/50243
文件快照
[4.0K] /data/pocs/5c8d6831cc08ae7f826f4b97c09453266f50879f
├── [3.3K] Confluence_OGNLInjection.py
└── [1.3K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。