René's URL Explorer Experiment


Title: CVE-2021-26084 - Remote Code Execution on Confluence Servers | HTTPVoid Research

Open Graph Title: CVE-2021-26084 - Remote Code Execution on Confluence Servers

X Title: CVE-2021-26084 - Remote Code Execution on Confluence Servers

Description: We got this vulnerability in our Twitter feed via Matthias’s tweet:

Open Graph Description: We got this vulnerability in our Twitter feed via Matthias’s tweet:

Opengraph URL: https://httpvoid.com/Confluence-RCE.md

Generator: Jekyll v4.3.1

direct link

Domain: httpvoid.com


Hey, it has json ld scripts:
{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2021-09-01T00:00:00+00:00","datePublished":"2021-09-01T00:00:00+00:00","description":"We got this vulnerability in our Twitter feed via Matthias’s tweet:","headline":"CVE-2021-26084 - Remote Code Execution on Confluence Servers","image":"https://httpvoid.com/assets/cover.png","mainEntityOfPage":{"@type":"WebPage","@id":"https://httpvoid.com/Confluence-RCE.md"},"publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://httpvoid.com/assets/logo.png"}},"url":"https://httpvoid.com/Confluence-RCE.md"}

NoneIE=edge
og:localeen_US
og:site_nameHTTPVoid Research
og:imagehttps://httpvoid.com/assets/cover.png
og:typearticle
article:published_time2021-09-01T00:00:00+00:00
twitter:cardsummary_large_image
twitter:imagehttps://httpvoid.com/assets/cover.png
theme-color#fdfdfd

Links:

HTTPVoid Researchhttps://httpvoid.com/
Analyzing the hot patchhttps://httpvoid.com/Confluence-RCE.md#analyzing-the-hot-patch
Bypassing isSafeExpressionhttps://httpvoid.com/Confluence-RCE.md#bypassing-issafeexpression
Bonus - Better Payloadhttps://httpvoid.com/Confluence-RCE.md#bonus---better-payload
Bonus - Debugginghttps://httpvoid.com/Confluence-RCE.md#bonus---debugging
hotfixhttps://confluence.atlassian.com/doc/files/1077906215/1077916296/2/1629936383093/cve-2021-26084-update.sh
Orangehttps://blog.orange.tw/2018/08/how-i-chained-4-bugs-features-into-rce-on-amazon.html
Beans Validation RCE by @pwntesterhttps://securitylab.github.com/research/bean-validation-RCE/
OGNL thinghttps://github.com/jkuhnert/ognl/blob/master/src/etc/ognl.jjt#L48
https://httpvoid.com/Confluence-RCE.md
httpvoidhttps://github.com/httpvoid
httpvoid0x2fhttps://www.twitter.com/httpvoid0x2f

Viewport: width=device-width, initial-scale=1


URLs of crawlers that visited me.