CVE-2021-26084: Confluence Pre-Auth RCE OGNL injection

Sep 10, 2021 1 min read

CVE-2021-26084 – Confluence Pre-Auth RCE OGNL injection

Usage

usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell]

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

optional arguments:
  -h, --help         show this help message and exit
  --url URL, -u URL  Target Url
  --cmd CMD, -c CMD  Command
  --shell            Get shell

python3 cve-2021-26084_confluence_rce.py -u http://target:8090 -c "whoami"

python3 cve-2021-26084_confluence_rce.py -u http://target:8090 -c "cmd.exe /c dir"

GetShsell

python3 cve-2021-26084_confluence_rce.py -u http://target:8090 --shell

Reference:

https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md

GitHub

https://github.com/r0ckysec/CVE-2021-26084_Confluence

injection

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.

CVE-2021-26084: Confluence Pre-Auth RCE OGNL injection

CVE-2021-26084 – Confluence Pre-Auth RCE OGNL injection

Usage

GetShsell

Reference:

GitHub

John

An asyncio Python wrapper around the Discord API, forked off of Rapptz's Discord.py

httpstat visualizes curl(1) statistics in a way of beauty and clarity

CVE-2021-26084 – Confluence Pre-Auth RCE OGNL injection

Usage

GetShsell

Reference:

GitHub

An asyncio Python wrapper around the Discord API, forked off of Rapptz's Discord.py

httpstat visualizes curl(1) statistics in a way of beauty and clarity

You might also like...