CVE-2021-26086 PoC — Atlassian Jira 路径遍历漏洞

Source

https://github.com/Jeromeyoung/CVE-2021-26086

Associated Vulnerability

Title:Atlassian Jira 路径遍历漏洞 (CVE-2021-26086)
Description:Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira存在安全漏洞，该漏洞源于受影响版本的Atlassian Jira服务器和数据中心代码开发过程中存在实现不当的问题导致路径遍历漏洞。允许远程攻击者可利用该漏洞通过WEB-INF web.xml端点读取特定文件。受影响的版本为8.5.14之前版本、8.6.0版本至8.13.6、8.14.0版本至8.16.1。

Description

Confluence OGNL Injection [CVE-2021-26084].

Readme

# CVE-2021-26084
<p align="center">
  <img src="https://user-images.githubusercontent.com/44043159/132096348-db727da8-bf00-457a-a09d-26599743b145.jpg" width="200" height="200">
</p>


    this is a script written in golang to exploit Confluence OGNL Injection [CVE-2021-26084].
    
---
<p align="center">
  <img src="https://user-images.githubusercontent.com/44043159/132096440-0d279032-103d-4ad2-b9f3-7e55689826f9.png">
  <img src="https://user-images.githubusercontent.com/44043159/132096569-ed253575-5358-4c04-a20d-60c0e7496e1a.png">
</p>

---

```bash
git clone https://github.com/march0s1as/CVE-2021-26084/
cd CVE-2021-26084
go get -v github.com/fatih/color
go build post.go
./post.go -h
```

File Snapshot


 [4.0K]  /data/pocs/c0341d34fcc1d40e8a6b81b83ff4673aa1cbf392
├── [ 240]  go.mod
├── [ 829]  go.sum
├── [3.8K]  post.go
└── [ 700]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!