The latest Atlassian OGNL injection vulnerability (CVE-2021-26084) has been detected and is being exploited in the wild.
CVE-2021-26084: Atlassian Confluence OGNL Injection Vulnerability Exploited in the Wild
Recently disclosed critical flaw in Atlassian Confluence Server is being exploited in the wild by attackers. Organizations should apply patches immediately. Background On August 25, Atlassian published a security advisory for a critical vulnerability in its Confluence Server and Data Center...
Confluence Security Advisory - 2021-08-25 | Confluence Data Center 10.2 | Atlassian Documentation
To check whether servers are vulnerable, use this one-liner (taken from https://github.com/1ZRR4H/CVE-2021-26084). Just extract an IP list from Shodan or Censys and save it as confluence_servers.txt.
cat confluence_servers.txt | while read -r host; do curl --connect-timeout 10 --max-time 60 --path-as-is --silent --insecure --user-agent "prefered_user_agent" "https://$host/pages/createpage-entervariables.action?SpaceKey=x" | grep -q 'action="doenterpagevariables.action"' && printf '%s \033[1;35mVulnerable\033[0m\n' "$host" || printf '%s \033[1;32mOK\033[0m\n' "$host"; done
Then, if you want to exploit the servers that the vulnerability scan matched:
GitHub - Udyz/CVE-2021-26084: Atlassian Confluence Pre-Auth RCE
GitHub - dock0d1/CVE-2021-26084_Confluence: Exploit CVE 2021 26084 Confluence
Enjoy!
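On the defending side, the two action names used by the check above can be searched for in the access log of a Confluence front end. The following is an added example, not code from the original post or the linked repositories; it assumes Apache/nginx "combined" log format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list clients that requested either Confluence action
# endpoint named in the one-liner (createpage-entervariables.action and
# doenterpagevariables.action).
# Assumption: logs use the Apache/nginx "combined" format.

# Constructed sample log lines (documentation IP ranges, not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Sep/2021:10:00:01 +0000] "GET /pages/createpage-entervariables.action?SpaceKey=x HTTP/1.1" 200 4312 "-" "curl/7.68.0"
192.0.2.10 - - [01/Sep/2021:10:00:05 +0000] "POST /pages/doenterpagevariables.action HTTP/1.1" 200 5120 "-" "python-requests/2.25.1"
198.51.100.7 - - [01/Sep/2021:10:02:11 +0000] "GET /dashboard.action HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Sep/2021:10:03:40 +0000] "GET /pages/createpage-entervariables.action?SpaceKey=x HTTP/1.1" 302 0 "-" "prefered_user_agent"
198.51.100.7 - - [01/Sep/2021:10:04:00 +0000] "GET /pages/viewpage.action?pageId=1 HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
EOF
}

# Reads combined-format log lines on stdin and prints one line per client:
#   <client-ip> <hit-count> <comma-separated distinct status codes>
confluence_probe_hits() {
  awk '
    {
      # Combined format fields: $1 = client IP, $7 = request target, $9 = status.
      path = $7
      sub(/\?.*/, "", path)   # drop the query string before matching
      if (path ~ /\/(createpage-entervariables|doenterpagevariables)\.action$/) {
        hits[$1]++
        # Record each status code once per client.
        if (index("," codes[$1] ",", "," $9 ",") == 0)
          codes[$1] = (codes[$1] == "" ? $9 : codes[$1] "," $9)
      }
    }
    END { for (ip in hits) printf "%s %d %s\n", ip, hits[ip], codes[ip] }
  ' | sort
}

# Stand-alone run over the constructed sample.
sample_log | confluence_probe_hits
```

A 200 status on these paths from an unauthenticated client means the request reached the application; a redirect or error status suggests something in front of it answered instead.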