An Object-Graph Navigation Language injection vulnerability in the Atlassian Confluence Webwork implementation

Sep 12, 2021 1 min read

CVE-2021-26084

Confluence OGNL injection

CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in the Atlassian Confluence Webwork implementation. An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted request to vulnerable endpoints on the Confluence Server or Data Center instance. Successful exploitation would allow an attacker to execute arbitrary code.

Note – make sure to change the collaborator id.

Usage

python3 CVE-2021-26084.py http://target

Authors

• D0rkerDevil

This is for educational purposes, Authors are not responsible for any damages.

GitHub

https://github.com/dorkerdevil/CVE-2021-26084

Graph injection

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.