CVE-2019-3398 PoC — Atlassian Confluence Server和Atlassian Data Center 路径遍历漏洞

Source

https://github.com/superevr/cve-2019-3398

Associated Vulnerability

Title:Atlassian Confluence Server和Atlassian Data Center 路径遍历漏洞 (CVE-2019-3398)
Description:Atlassian Confluence Server和Atlassian Data Center都是澳大利亚Atlassian公司的产品。Atlassian Confluence Server是一套专业的企业知识管理与协同软件，也可以用于构建企业WiKi。Atlassian Data Center是一套数据中心系统。 Atlassian Confluence Server和Atlassian Data Center中的downloadallattachments资源存在路径遍历漏洞，该漏洞源于网络系统或

Description

Python script to exploit confluence path traversal vulnerability cve-2019-3398

Readme

# cve-2019-3398
## Details
A quick python proof of concept for CVE-2019-3398 confluence vulnerability written in python.

Confluence version 6.12.3, 6.13.3, 6.14.2, and 6.15.1 are affected.

The exploit requires working credentials.
# To use
Edit the `os_username` and `os_password` fields, and possibly the `filename` path depending on the vulnerable server. If the path is set right, `shell.jsp` will be available on the root of the web server.

File Snapshot


 [4.0K]  /data/pocs/eed4818c0b76b7fde60d2d5c171b6efbac7aa4f4
├── [2.2K]  poc.py
└── [ 447]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!