Atlassian Confluence Server/Data Center Webwork OGNL Injection RCE
CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in Atlassian Confluence Server and Confluence Data Center, described by Atlassian and multiple advisories as a Webwork OGNL injection. In affected versions, attacker-controlled input can reach OGNL evaluation in Confluence's Webwork handling, allowing execution of arbitrary code on the Confluence host. The issue affects Confluence Server and Data Center before 6.13.23, from 6.14.0 before 7.4.11, from 7.5.0 before 7.11.6, and from 7.12.0 before 7.12.5; other summaries also describe broad older release lines as affected. The flaw is remotely exploitable and has been widely described as enabling unauthenticated remote code execution against internet-facing instances, with some advisories noting unauthenticated exploitation specifically when public self-signup is enabled. Confluence Cloud is not affected.
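The four affected ranges above translate directly into an inventory check. The following is an added example for defenders reconciling a Confluence asset list against the fixed versions; it is not Atlassian's or Mallory's code. The boundaries are exactly those stated in the advisory text (fixed in 6.13.23, 7.4.11, 7.11.6 and 7.12.5); the inventory dictionary is constructed for the example.

```python
"""Check Confluence Server/Data Center version strings against the
CVE-2021-26084 fixed-version boundaries from the advisory text.

Added example for asset triage; not Atlassian's or Mallory's code.
"""
from __future__ import annotations

import re

# (first version of the release line, first fixed version of that line).
# A version v is affected when line_start <= v < first_fixed.
FIXED_BOUNDARIES: list[tuple[tuple[int, ...], tuple[int, ...]]] = [
    ((0, 0, 0), (6, 13, 23)),      # everything before 6.13.23
    ((6, 14, 0), (7, 4, 11)),      # 6.14.0 up to and including 7.4.10
    ((7, 5, 0), (7, 11, 6)),       # 7.5.0 up to and including 7.11.5
    ((7, 12, 0), (7, 12, 5)),      # 7.12.0 up to and including 7.12.4
]


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '7.12.4' or '7.12.4-LTS' into a 3-tuple such as (7, 12, 4).

    Missing minor/patch components are padded with 0 so that tuple
    comparison against the boundaries above is well defined.
    """
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def is_affected(version: str) -> bool:
    """True if the version falls inside any unpatched range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in FIXED_BOUNDARIES)


def triage(inventory: dict[str, str]) -> list[str]:
    """Return the hostnames whose Confluence version is still affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed inventory for the example; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "wiki-a.example.internal": "7.12.4",   # last unpatched 7.12.x build
    "wiki-b.example.internal": "7.13.0",   # released after the fix lines
    "wiki-c.example.internal": "6.13.10",  # old 6.13 line, before 6.13.23
    "wiki-d.example.internal": "7.4.11",   # first fixed build of the 7.4 line
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is affected by CVE-2021-26084")
```

Note that the first boundary treats every release before 6.13.23 as affected, which also covers the older release lines that other summaries describe as vulnerable; a build such as 6.13.24 or 7.4.11 sits in the gap between a fix and the next line's start and is correctly reported as patched.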
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
6 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (4 hidden).
This repository contains a proof-of-concept exploit for a remote code execution vulnerability in a web service, likely Atlassian Confluence. The main file, poc.py, sends a crafted POST request to the /pages/createpage-entervariables.action endpoint, injecting a Java expression that executes a system command on the server. The command reads the /etc/passwd file and exfiltrates its contents to an attacker-controlled domain via HTTP POST. The included poc.txt file provides a raw HTTP request example for manual testing. The exploit demonstrates the ability to execute arbitrary commands on the target server and exfiltrate sensitive data, confirming the presence of a critical vulnerability. The repository is structured as a simple POC with one Python script and one example request file.
This repository contains a Python proof-of-concept exploit for CVE-2021-26084, a critical remote code execution vulnerability in Atlassian Confluence. The main file, PoC.py, provides both vulnerability detection and exploitation capabilities. It tests a list of known vulnerable endpoints on a target Confluence server by sending specially crafted POST requests with OGNL injection payloads in the 'queryString' parameter. If the server is vulnerable, the script can execute arbitrary system commands via Java's ScriptEngineManager and ProcessBuilder, returning the output to the attacker. The script supports single-target and batch modes, logging vulnerable hosts to a file. The README.md provides usage instructions and references. The exploit is operational and can be used to gain remote code execution on unpatched Confluence servers accessible over the network.
This repository contains a Python exploit script (Confluence_OGNLInjection.py) and a README.md. The exploit targets CVE-2021-26084, an OGNL injection vulnerability in Atlassian Confluence Server and Data Center (versions prior to 7.12.5). The script allows an attacker to execute arbitrary system commands on a vulnerable Confluence instance by sending a specially crafted POST request to the '/pages/createpage-entervariables.action' endpoint, injecting a malicious OGNL expression via the 'queryString' parameter. The exploit is interactive, prompting the user for commands and displaying the output from the target server. The README provides usage instructions, references, and context about the vulnerability. The repository is a functional proof-of-concept for remote code execution (RCE) and is intended for research and demonstration purposes only.
This repository provides a proof-of-concept (PoC) exploit for CVE-2021-26084, a remote code execution vulnerability in Atlassian Confluence. The repository contains three files: a README.md with usage instructions and a list of possible vulnerable endpoints, a 'payload' file containing a crafted HTTP POST request exploiting the OGNL injection vulnerability, and a 'windowspayload' file with an alternative payload for Windows systems. The exploit works by sending a specially crafted POST request to the '/pages/createpage-entervariables.action' endpoint, injecting OGNL expressions that execute arbitrary system commands on the server. The payloads demonstrate execution of commands such as 'calc' and 'ipconfig'. The README also lists several Confluence endpoints that may be targeted. The exploit is confirmed to work on Confluence version 7.12.4. No detection scripts or fake elements are present; this is a functional PoC exploit for remote code execution.
This repository is a collection of Python-based exploit and POC scripts targeting a variety of web applications, firewalls, and network devices. The scripts are organized by target product and vulnerability, with each directory containing one or more scripts for a specific exploit. The main capabilities include:
- Arbitrary file read exploits (e.g., Apache Druid CVE-2021-36749, Apache Solr <=8.8.1, Landray OA, Kyan, etc.)
- Remote command execution (RCE) exploits (e.g., Confluence CVE-2021-26084, TamronOS-IPTV, ZeroShell CVE-2019-12725, phpStudy backdoor, etc.)
- Arbitrary file upload (ShowDoc CNVD-2020-26585)
- Credential extraction and information disclosure (Wayos firewall, Ruijie EG Gateway, Kyan, Landray OA)
- Unauthorized admin access (YCXF admin system)
Each script typically supports both single-target and batch scanning modes, with options for verification and exploitation. The scripts use HTTP(S) requests to interact with vulnerable endpoints, often leveraging unauthenticated or weakly authenticated interfaces. The payloads include file read requests, command injection, and webshell uploads. The repository is operational in maturity, providing working exploits and not just detection scripts. All scripts are written in Python and are intended for use in authorized security testing.
This repository is a Python-based exploit toolkit targeting multiple remote code execution (RCE) vulnerabilities in Atlassian Confluence: CVE-2021-26084, CVE-2022-26134, and CVE-2023-22527. The structure includes a GUI (gui/gui.py) for user interaction, a main entry point (main.py), and individual proof-of-concept (POC) scripts for each CVE under the pocs/ directory. The tool allows users to check for vulnerability, execute arbitrary commands, and obtain reverse shells on vulnerable Confluence servers. It supports both HTTP and SOCKS5 proxies for network operations. Additional utility scripts are provided for proxy checking and DNS log operations. The exploit payloads leverage OGNL and template injection vulnerabilities to achieve command execution. The endpoints targeted are specific Confluence paths known to be vulnerable. The toolkit is operational, providing both detection and exploitation capabilities, and is suitable for security testing and red teaming against affected Confluence instances.
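The summaries above agree on the request shape a defender should look for: a POST to /pages/createpage-entervariables.action carrying an OGNL expression in the 'queryString' parameter, with payloads that reach for Java's ScriptEngineManager and ProcessBuilder. The following is an added detection example for reviewing reverse-proxy or WAF request captures; it is not code from any of the repositories described above. It assumes raw HTTP/1.1 request text as input, and the two sample requests are constructed for the example (the suspicious one carries the harmless, double-encoded expression `${1+1}`).

```python
"""Flag HTTP requests that look like CVE-2021-26084 OGNL injection attempts.

Added detection example for defenders; not code from the exploit
repositories summarised on this page. Input is raw HTTP/1.1 request text
as a reverse proxy or WAF would capture it (body included).
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, unquote, urlsplit

# Webwork action named in the exploit summaries. Other actions were also
# reported as reachable; extend this set from your own vendor guidance.
WATCHED_ACTIONS = {"/pages/createpage-entervariables.action"}

# OGNL expression delimiters plus the Java classes the summaries say the
# payloads reach for. Matched case-insensitively after full URL decoding.
OGNL_MARKERS = re.compile(
    r"[$#%]\{|ScriptEngineManager|ProcessBuilder|Runtime\.getRuntime",
    re.IGNORECASE,
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_request(raw: str) -> tuple[str, str, dict[str, list[str]]]:
    """Split a raw request into (method, path, params from query and body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    method, _, rest = request_line.partition(" ")
    target, _, _ = rest.partition(" ")
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    return method, parts.path, params


def inspect_request(raw: str) -> dict | None:
    """Return a finding for a suspicious request, or None if it looks benign."""
    method, path, params = parse_request(raw)
    # endswith() so a Confluence context path (e.g. /confluence/...) still matches.
    if not any(path.endswith(action) for action in WATCHED_ACTIONS):
        return None
    for value in params.get("queryString", []):
        decoded = fully_decode(value)
        hit = OGNL_MARKERS.search(decoded)
        if hit:
            return {
                "method": method,
                "path": path,
                "marker": hit.group(0),
                "decoded_prefix": decoded[:60],
            }
    return None


def scan(raw_requests: list[str]) -> list[dict]:
    """Run inspect_request over a batch and keep only the findings."""
    return [f for f in (inspect_request(r) for r in raw_requests) if f]


# Constructed sample requests; hostnames and parameters are made up.
BENIGN_REQUEST = (
    "POST /pages/createpage-entervariables.action HTTP/1.1\r\n"
    "Host: wiki.example.internal\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "queryString=spaceKey%3DDOCS%26title%3DWeekly%20notes"
)
SUSPICIOUS_REQUEST = (
    "POST /confluence/pages/createpage-entervariables.action HTTP/1.1\r\n"
    "Host: wiki.example.internal\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "queryString=%2524%257B1%252B1%257D"   # double-encoded "${1+1}"
)

if __name__ == "__main__":
    for finding in scan([BENIGN_REQUEST, SUSPICIOUS_REQUEST]):
        print(f"{finding['method']} {finding['path']}: "
              f"marker {finding['marker']!r} in {finding['decoded_prefix']!r}")
```

A plain access log is not enough here: the injected parameter travels in the POST body, so the check needs a capture point that records request bodies. The repeated decoding matters because the form parser removes only one layer of percent-encoding, and a second layer would otherwise hide the `${` delimiter from the marker search.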
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
27 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
An OGNL injection remote code execution vulnerability in Atlassian Confluence Server referenced as heavily exploited.
An Atlassian Confluence vulnerability cited as exploited during 2022–2023 in a campaign targeting global infrastructure/critical sectors.
A critical remote code execution vulnerability in Atlassian Confluence Server and Data Center, allowing attackers to execute arbitrary code and gain control over affected systems.
An Atlassian Confluence vulnerability used as part of the campaign’s earlier vulnerability-exploitation phase for compromising targets.