关联漏洞
标题:
Atlassian Confluence Server 注入漏洞
(CVE-2021-26084)
描述:Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能,并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server and Data Center 存在注入漏洞,经过身份验证的用户在Confluence 服务器或数据中心实例上执行任意代码。以下产品及版本收到影响:All 4.x.x versions、All 5.x.x versions、All 6.0.x versions、All 6.1.x ver
介绍
# CVE-2021-26084-EXP
This code is an exploit for the CVE-2021-26084 vulnerability. The vulnerability affects specific versions of software and allows remote attackers to perform arbitrary command injection attacks.
## Vulnerability Description
CVE-2021-26084 is a command injection vulnerability that affects certain versions of software. By constructing a malicious request, an attacker can inject malicious commands and execute them on the target system.
## Prerequisites
- Go 1.17 or later
## Usage
### Step 1: Clone the Repository
```
git clone https://github.com/your-repository.git
```
### Step 2: Change to the Code Directory
```
cd CVE-2021-26084-EXP
```
### Step 3: Compile the Code
```
go build -o cve-2021-26084-exp main.go
```
### Step 4: Run the Code
```
./cve-2021-26084-exp -u <target-url> -c <command-to-execute>
```
Available options:
- `-u`: Target URL, specifying the URL of the target system where the vulnerability exists.
- `-c`: Command to execute, the command you want to execute on the target system.
### Step 5: Check the Results
The program will send the malicious request and wait for the response. If the vulnerability is detected, it will display "Vulnerability detected" and extract the result of the command execution.
## Notes
- This code is intended for authorized penetration testing and educational purposes only. Ensure that you use it within the scope of legal authorization and comply with applicable laws and regulations.
- Testing systems without proper authorization using this code is illegal and may result in severe consequences.
## Disclaimer
This code is provided for educational and research purposes only. The user is solely responsible for any direct or indirect loss caused by the use of this code. The author assumes no liability for any loss or damage caused by the use of this code.
Please carefully read and understand the associated risks and responsibilities before using this code.
文件快照
[4.0K] /data/pocs/680f53ae04cce97de947f6d42879d45e4f66e646
├── [ 224] go.mod
├── [ 865] go.sum
├── [3.3K] main.go
└── [2.0K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。