CVE-2021-26084 PoC — Atlassian Confluence Server 注入漏洞

Source

Associated Vulnerability

Description

Confluence server webwork OGNL injection

Readme

<h1 align="right">
  <br>
  <a href="https://github.com/smadi0x86/CVE-2021-26084"><img src="https://upload.wikimedia.org/wikipedia/commons/thumb/8/88/Atlassian_Confluence_2017_logo.svg/2560px-Atlassian_Confluence_2017_logo.svg.png" alt="confluence.logo"></a>
  <br>
  CVE-2021-26084
  <br>
</h1>

<h3 align="center">An OGNL injection vulnerability exists that would allow an authenticated user and in some instances unauthenticated user to execute arbitrary code on a confluence server or data center instance.</h3>

<p align="center">
  <a href="">
    <img src="https://img.shields.io/badge/python-py-yellow.svg">
    <img src="https://img.shields.io/badge/General-Exploits-black.svg">
  </a>
  </p>

## ✅ QueryString param request :

![131630570-857df5dd-525d-43ec-9466-5c92ac9c1322](https://user-images.githubusercontent.com/75253629/132122042-3df60e2a-4105-4648-8b65-2a31347b64a6.png)

## ☢️ Usage :
``$ python3 CVE-2021-26084_Confluence.py -u http://website.com``

## 📜 References :
- https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
- https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md

## ⚠️ Disclaimer :
- I am not responsible for any misuse of this information, its only for education purposes 

## 📞 Contact :
<p align="center">
<a href="https://linkedin.com/in/saud-smadi" target="blank"><img align="center" src="https://cdn.jsdelivr.net/npm/simple-icons@3.0.1/icons/linkedin.svg" alt="smadi" height="25" width="25" /></a>
<a href="https://twitter.com/@smadi0x86" target="blank"><img align="center" src="https://cdn.jsdelivr.net/npm/simple-icons@7.5.0/icons/twitter.svg" alt="smadi" height="25" width="25" /></a>
<a href="https://t.me/rootsmadi" target="blank"><img align="center" src="https://cdn.jsdelivr.net/npm/simple-icons@3.0.1/icons/telegram.svg" alt="smadi" height="25" width="25" /></a>
<a href="https://smadi0x86-blog.gitbook.io/smadi0x86-blog/" target="blank"><img align="center" src="https://cdn.jsdelivr.net/npm/simple-icons@7.5.0/icons/gitbook.svg" alt="smadi" height="25" width="25" /></a>
</p>

File Snapshot

 [4.0K]  /data/pocs/002e0c8f894a5b8f603c382c3531dea9b20302bb
├── [3.2K]  CVE-2021-26084_Confluence.py
├── [2.0K]  README.md
└── [6.6K]  vulnsites.txt

0 directories, 3 files

Remarks