Fix docs
parent
eab1f6ca54
commit
c0b4e7701f
|
@ -1,4 +1,4 @@
|
||||||
## Description
|
# Description
|
||||||
|
|
||||||
This module exploits a Velocity Template Injection in Atlassian Confluence Widget Connector Macro before 6.14.2 to execute arbitrary code (CVE-2019-3396). No authentication is required to exploit this vulnerability.
|
This module exploits a Velocity Template Injection in Atlassian Confluence Widget Connector Macro before 6.14.2 to execute arbitrary code (CVE-2019-3396). No authentication is required to exploit this vulnerability.
|
||||||
|
|
||||||
|
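Review bot: The Description sentence kept as context here says the Widget Connector Macro is vulnerable "before 6.14.2", which is looser than the per-branch ranges given under Vulnerable Application (before 6.6.12, 6.7.0 before 6.12.3, 6.13.0 before 6.13.3, 6.14.0 before 6.14.2). While touching this file, consider rewording it to refer to that section or to list the same ranges, so a reader on 6.6.12, 6.12.3 or 6.13.3 is not told the instance is affected.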
@ -10,10 +10,10 @@ References:
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3396
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3396
|
||||||
https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html
|
https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html
|
||||||
|
|
||||||
## Vulnerable Application
|
# Vulnerable Application
|
||||||
Affecting Atlassian Confluence before version 6.6.12, from version 6.7.0 before 6.12.3, from version 6.13.0 before 6.13.3 and from version 6.14.0 before 6.14.2.
|
Affecting Atlassian Confluence before version 6.6.12, from version 6.7.0 before 6.12.3, from version 6.13.0 before 6.13.3 and from version 6.14.0 before 6.14.2.
|
||||||
|
|
||||||
## Verification Steps
|
# Verification Steps
|
||||||
|
|
||||||
List the steps needed to make sure this thing works
|
List the steps needed to make sure this thing works
|
||||||
|
|
||||||
|
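Review bot: Under Verification Steps, the template placeholder "List the steps needed to make sure this thing works" is still in the file as unchanged context. Replace it with a one-line introduction to the checklist or drop it. The Vulnerable Application text is also a sentence fragment ("Affecting Atlassian Confluence before version ..."), and a complete sentence would read better under the new top-level heading.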
@ -28,12 +28,12 @@ List the steps needed to make sure this thing works
|
||||||
- [ ] `exploit`
|
- [ ] `exploit`
|
||||||
- [ ] You should get a meterpreter session.
|
- [ ] You should get a meterpreter session.
|
||||||
|
|
||||||
## Options
|
# Options
|
||||||
- **TARGETURI**: Path to Atlassian Confluence installation ("/" is the default)
|
- **TARGETURI**: Path to Atlassian Confluence installation ("/" is the default)
|
||||||
- **ListenerTimeout**: Time that the Listener will wait for the payload request ("10" is the default)
|
- **ListenerTimeout**: Time that the Listener will wait for the payload request ("10" is the default)
|
||||||
|
|
||||||
## Scenario
|
# Scenario
|
||||||
# Tested on Confluence 6.8.2 with Windows target
|
## Tested on Confluence 6.8.2 with Windows target
|
||||||
```
|
```
|
||||||
msf5 > use exploit/multi/http/confluence_widget_connector
|
msf5 > use exploit/multi/http/confluence_widget_connector
|
||||||
msf5 exploit(multi/http/confluence_widget_connector) > set RHOST target.com
|
msf5 exploit(multi/http/confluence_widget_connector) > set RHOST target.com
|
||||||
|
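Review bot: The heading changed to `# Scenario` now parents three "Tested on Confluence 6.8.2 ..." subsections, so the plural "Scenarios" would describe it better. In the Options list just above it, ListenerTimeout gives "10" as the default without a unit; state the unit there.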
@ -78,7 +78,7 @@ meterpreter > quit
|
||||||
msf5 exploit(multi/http/confluence_widget_connector) >
|
msf5 exploit(multi/http/confluence_widget_connector) >
|
||||||
```
|
```
|
||||||
|
|
||||||
# Tested on Confluence 6.8.2 with Java target
|
## Tested on Confluence 6.8.2 with Java target
|
||||||
```
|
```
|
||||||
msf5 > use exploit/multi/http/confluence_widget_connector
|
msf5 > use exploit/multi/http/confluence_widget_connector
|
||||||
msf5 exploit(multi/http/confluence_widget_connector) > set RHOST target.com
|
msf5 exploit(multi/http/confluence_widget_connector) > set RHOST target.com
|
||||||
|
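Review bot: The transcript under the re-levelled "Tested on Confluence 6.8.2 with Java target" heading uses `set RHOST target.com`, and the same line appears in the Windows and Linux transcripts. target.com is a registrable domain name rather than a placeholder; use a reserved documentation name such as example.com or an address from a documentation range in all three transcripts.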
@ -119,7 +119,7 @@ meterpreter > quit
|
||||||
msf5 exploit(multi/http/confluence_widget_connector) >
|
msf5 exploit(multi/http/confluence_widget_connector) >
|
||||||
```
|
```
|
||||||
|
|
||||||
# Tested on Confluence 6.8.2 with Linux target
|
## Tested on Confluence 6.8.2 with Linux target
|
||||||
```
|
```
|
||||||
msf5 > use exploit/multi/http/confluence_widget_connector
|
msf5 > use exploit/multi/http/confluence_widget_connector
|
||||||
msf5 exploit(multi/http/confluence_widget_connector) > set RHOST target.com
|
msf5 exploit(multi/http/confluence_widget_connector) > set RHOST target.com
|
||||||
|
|