Exploit for Confluence Server - Remote Code Execution (CVE-2021-26084)

Description:

Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled, go to COG > User Management > User Signup Options.
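
For patch triage, the affected ranges listed above can be checked against a version inventory. This is an added example, not part of the original page or the Nuclei template; the function names, host names and sample versions are constructed for illustration.

```python
"""Triage a Confluence version inventory against the CVE-2021-26084 ranges."""
import re

# (lower bound inclusive, first fixed release = upper bound exclusive),
# copied from the description above. None means "no lower bound".
AFFECTED_RANGES = [
    (None, (6, 13, 23)),
    ((6, 14, 0), (7, 4, 11)),
    ((7, 5, 0), (7, 11, 6)),
    ((7, 12, 0), (7, 12, 5)),
]
_VERSION_RE = re.compile(r"^\d+(\.\d+){1,2}$")


def parse_version(text):
    """Turn '7.4' or '7.4.10' into a 3-tuple of ints; raise ValueError otherwise."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))  # '7.4' is compared as 7.4.0
    return tuple(parts)


def fixed_release_for(version_text):
    """Return the first fixed release if the version is affected, else None."""
    version = parse_version(version_text)
    for low, fixed in AFFECTED_RANGES:
        if (low is None or version >= low) and version < fixed:
            return ".".join(map(str, fixed))
    return None


def triage(inventory):
    """Map host -> 'affected (...)', 'not affected' or 'unknown'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            fixed = fixed_release_for(version_text)
        except ValueError:
            report[host] = "unknown"  # unparseable version: check by hand
            continue
        report[host] = f"affected (upgrade to at least {fixed})" if fixed else "not affected"
    return report


if __name__ == "__main__":
    # Constructed inventory: host names and versions are made up.
    sample = {"wiki-a": "7.12.4", "wiki-b": "7.4.11", "wiki-c": "6.13.22", "wiki-d": "n/a"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have a version string the parser does not recognise and need a manual check.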

Nuclei Template

View the template here: CVE-2021-26084.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-26084.yaml

References:

https://github.com/Udyz/CVE-2021-26084
https://jira.atlassian.com/browse/CONFSERVER-67940
https://nvd.nist.gov/vuln/detail/CVE-2021-26084
https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-26084
https://github.com/0xsyr0/OSCP