CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

Related tags

Security related resourcesCVE-2021-26084_Confluence
Overview

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

Usage

  • usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell]

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

optional arguments:
  -h, --help         show this help message and exit
  --url URL, -u URL  Target Url
  --cmd CMD, -c CMD  Command
  --shell            Get shell

  • python3 cve-2021-26084_confluence_rce.py -u http://target:8090 -c "whoami"

    1630484082986

  • python3 cve-2021-26084_confluence_rce.py -u http://target:8090 -c "cmd.exe /c dir"

    1630484112292

GetShsell

python3 cve-2021-26084_confluence_rce.py -u http://target:8090 --shell

1630490483870

1630490401164

Reference:

https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md

Owner
r0cky
r0cky
GitHub Repository
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */

M4rtin Hsu 81 Dec 12, 2022
Gitlab RCE - Remote Code Execution

Gitlab RCE - Remote Code Execution RCE for old gitlab version = 11.4.7 & 12.4.0-12.8.1 LFI for old gitlab versions 10.4 - 12.8.1 This is an exploit f

153 Nov 09, 2022
CVE-2021-26084 Remote Code Execution on Confluence Servers

CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Confluence Servers. Dork Fofa: app="ATLASSIAN-Confluence" Usage Show help information. python P

FQ Hsu 63 Dec 30, 2022
windows电脑查看全部连接过的WiFi密码

python WIFI历史密码查看器 WIFI密码查看器 原理 win+R,输入cmd打开命令行窗口 #这个命令可以列出你所有连接过的wifi netsh wlan show profiles #替换你要查找的WiFi名称,就可以显示出这个wifi的所有信息,包括密码 netsh wlan show

GMYXDS 15 Dec 22, 2022
hackinsta: a program to hack instagram

hackinsta a program to hack instagram Yokoback_(instahack) is the file to open, you need libraries write on import. You run that file in the same fold

1 Dec 04, 2021
Android Malware (Analysis | Scoring) System

An Obfuscation-Neglect Android Malware Scoring System Quark-Engine is also bundled with Kali Linux, BlackArch. A trust-worthy, practical tool that's r

Quark-Engine 1k Jan 04, 2023
A windows post exploitation tool that contains a lot of features for information gathering and more.

Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script

29 Nov 20, 2022
Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Astro 9 Sep 27, 2022
"KeyLogger-WebService" Is a Keylogger Write In python.

KeyLogger-WebService "KeyLogger-WebService" Is a Keylogger Write In python. When you Inject the file on a computer once the file is opened on the comp

Freddox 21 Dec 16, 2022
This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re

ASL IT Security 168 Nov 09, 2022
This program will brute force any Instagram account you send it its way given a list of proxies.

Instagram Bruter This program will brute force any Instagram account you send it its way given a list of proxies. NOTICE I'm no longer maintaining thi

1 Nov 15, 2021
A gui application used for network reconnaissance while pentesting

netrecon A gui application used for network reconnaissance while pentesting

Krisna Pranav 4 Sep 03, 2022
This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.

Wallet Tracker This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies. build docker build -t wallet-tracker . run

2 Mar 21, 2022
Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Axel Souchet 220 Dec 14, 2022
Malware for Discord, designed to steal passwords, tokens, and inject discord folders for long-term use.

Vital What is Vital? Vital is malware primarily used to collect and extract information from the Discord desktop client. While it has other features (

HellSec 59 Dec 01, 2022
A simple way to store your passwords without requiring third party applications

SimplePasswordManager A simple way to store your passwords without requiring third party applications Simple To Use. Store Your Passwords For Each Web

Leone Odinga 1 Dec 23, 2021
Discord-email-spammer-exploit - A discord email spammer exploit with python

Discord-email-spammer-exploit was made by Love ❌ code ✅ 🎈 ・Description First it

Rdimo 25 Aug 13, 2022
FIVE, Vulnerability Scanner And Mass Exploiter, made for pentesting.

$ FIVE - FIVE is a Pentesting Framework to Test the Security & Integrity of a Website, or Multiple Websites. $ Info FIVE Was Made After Vulnnr to Prod

Neon 24 Dec 10, 2021
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Above is an adversarial example: the slightly pert

Anish Athalye 838 Dec 18, 2022
A small utility to deal with malware embedded hashes.

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dyn

Abdallah Elshinbary 48 Dec 19, 2022