search

Confluence

hashtag
Exploits

Authentificated RCE: https://github.com/W01fh4cker/CVE-2024-21683-RCEarrow-up-right

Unauthentificated RCE: https://github.com/adminlove520/CVE-2023-22527arrow-up-right

Unauthentificated RCE: https://github.com/iveresk/cve-2022-26134arrow-up-right

Unauthentificated Reset Database: https://github.com/ForceFledgling/CVE-2023-22518arrow-up-right

Arbitary File Read: https://github.com/ColdFusionX/CVE-2021-26085arrow-up-right

Unauthentificated RCE: https://github.com/ZZ-SOCMAP/CVE-2021-26084arrow-up-right

hashtag
Post-Exploit

hashtag
Password reset

Connect to database. User admin with pass admin

update cwd_user set credential='{PKCS5S2}8WEZjkCbLWysbcbZ5PRgMbdJgJOhkzRT3y1jxOqke2z1Zr79q8ypugFQEYaMoIZt' where user_name='admin';

hashtag
Config locate

confluence.cfg.xml contains database credentials and jwt keys.

PreviousJiraNextJava

Last updated