CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

Last update: Jul 20, 2022

Overview

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

Usage

usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell]

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

optional arguments:
  -h, --help         show this help message and exit
  --url URL, -u URL  Target Url
  --cmd CMD, -c CMD  Command
  --shell            Get shell

python3 cve-2021-26084_confluence_rce.py -u http://target:8090 -c "whoami"

python3 cve-2021-26084_confluence_rce.py -u http://target:8090 -c "cmd.exe /c dir"

GetShsell

python3 cve-2021-26084_confluence_rce.py -u http://target:8090 --shell

Reference:

https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md

Owner

r0cky

GitHub Repository

CVE-2021-45232-RCE-多线程批量漏洞检测

CVE-2021-45232-RCE CVE-2021-45232-RCE-多线程批量漏洞检测 FOFA 查询 title="Apache APISIX Das

36 Sep 21, 2022

Separation of Mainlobes and Sidelobes in the Ultrasound Image Based on the Spatial Covariance (MIST) and Aperture-Domain Spectrum of Received Signals

3 Jan 03, 2023

💣 Bomb Crypto Bot 💣

💣 Bomb Crypto Bot 💣 ⚠️ Warning I am not responsible for any penalties incurred by those who use the bot, use it at your own risk. 📄 Documentation -

4 Apr 27, 2022

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Sec-Tools 项目介绍系统简介本项目命名为Sec-Tools，是一款基于 Python-Django 的在线多功能 Web 应用渗透测试系统，包含漏洞检测、目录识别、端口扫描、指纹识别、域名探测、旁站探测、信息泄露检测等功能。本系统通过旁站探测和域名探测功能对待检测网站进行资产收集，通过端

300 Jan 07, 2023

Strapi Framework Vulnerable to Remote Code Execution

CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho

7 Mar 08, 2022

Script checks provided domains for log4j vulnerability

log4j Script checks provided domains for log4j vulnerability. A token is created with canarytokens.org and passed as header at request for a single do

2 Dec 12, 2021

Laravel RCE (CVE-2021-3129)

CVE-2021-3129 - Laravel RCE About The script has been made for exploiting the Laravel RCE (CVE-2021-3129) vulnerability. This script allows you to wri

21 Dec 27, 2022

a cool, easily usable and customisable subdomains scanner

Subdah 🔎 another subdomains scanner. Installation ⚠️ Python 3.10 required ⚠️ $ git clone https://github.com/traumatism/subdah $ cd subdah $ pip3 inst

14 Oct 18, 2022

Use FOFA automatic vulnerability scanning tool

AutoSRC Use FOFA automatic vulnerability scanning tool Usage python3 autosrc.py -e FOFA EMAIL -k TOKEN Screenshots License MIT Dev 6613GitHub6613

48 Oct 25, 2022

The Decompressoin tool for Vxworks MINIFS

MINIFS-Decompression The Decompression tool for Vxworks MINIFS filesystem. USAGE python minifs_decompression.py [target_firmware] The example of Mercu

8 Jan 03, 2023

CC CAMERA HACKING TOOL

CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update

10 Sep 25, 2022

Meterpreter Reverse shell over TOR network using hidden services

Poiana Reverse shell over TOR network using hidden services Features - Create a hidden service - Generate non-staged payload (python/meterpreter_rev

80 Dec 21, 2022

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability. Features Dump a single file w

48 Dec 03, 2022

Generates password lists/dictionaries based on keywords written in python3.

dicbyru Introduction Generates password lists/dictionaries based on keywords. It uses the keywords and adds capital letters, numbers and special chara

2 Oct 31, 2022

Herramienta para descargar eventos de Sucuri WAF hacia disco.

Descarga los eventos de Sucuri Script para descargar los eventos del Sucuri Web Application Firewall (WAF) en el disco como archivos CSV. Requerimient

2 Nov 29, 2021

An IDA pro python script to decrypt Qbot malware string

Qbot-Strings-Decrypter An IDA pro python script to decrypt Qbot malware strings.

6 Sep 01, 2022

This is a simple PoC for the newly found Polkit error names PwnKit

A Python3 and a BASH PoC for CVE-2021-4034 by Kim Schulz

16 Sep 06, 2022

Springboot directory scanning

87 Dec 28, 2022

The probability of having the password you want in the PassMaker is +90%!!

PasswordMaker Strong listing password Introduction The probability of having the password you want in the tool is +90%!! How to Install Open the termi

4 Sep 05, 2021

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr 64bit2key.py

15 Nov 26, 2022

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

Related tags

Overview

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

Usage

GetShsell

Reference:

Owner

r0cky

CVE-2021-45232-RCE-多线程批量漏洞检测

Separation of Mainlobes and Sidelobes in the Ultrasound Image Based on the Spatial Covariance (MIST) and Aperture-Domain Spectrum of Received Signals

💣 Bomb Crypto Bot 💣

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Strapi Framework Vulnerable to Remote Code Execution

Script checks provided domains for log4j vulnerability

Laravel RCE (CVE-2021-3129)

a cool, easily usable and customisable subdomains scanner

Use FOFA automatic vulnerability scanning tool

The Decompressoin tool for Vxworks MINIFS

CC CAMERA HACKING TOOL

Meterpreter Reverse shell over TOR network using hidden services

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

Generates password lists/dictionaries based on keywords written in python3.

Herramienta para descargar eventos de Sucuri WAF hacia disco.

An IDA pro python script to decrypt Qbot malware string

This is a simple PoC for the newly found Polkit error names PwnKit

Springboot directory scanning

The probability of having the password you want in the PassMaker is +90%!!

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr