CVE-2021-26084 PoC — Atlassian Confluence Server 注入漏洞

Source

https://github.com/attacker-codeninja/CVE-2021-26084

Associated Vulnerability

Title:Atlassian Confluence Server 注入漏洞 (CVE-2021-26084)
Description:In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Description

Confluence OGNL injection

Readme

# CVE-2021-26084
Confluence OGNL injection

CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in the Atlassian Confluence Webwork implementation. An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted request to vulnerable endpoints on the Confluence Server or Data Center instance. Successful exploitation would allow an attacker to execute arbitrary code.

## Note - make sure to change the collaborator id.

## Usage  
```bash
python3 CVE-2021-26084.py http://target
```

## Authors
• [D0rkerDevil](https://twitter.com/D0rkerDevil) 

 This is for educational purposes, Authors are not responsible for any damages.

File Snapshot


 [4.0K]  /data/pocs/cc9c93bc78b01b1ab721a0d7c7edfa46be327af8
├── [1.6K]  CVE-2021-26084.py
└── [ 693]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!