mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 22:53:11 +00:00
6.5 KiB
6.5 KiB
CVE-2019-3396
Description
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
POC
Reference
- http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html
- http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html
- https://jira.atlassian.com/browse/CONFSERVER-57974
- https://www.exploit-db.com/exploits/46731/
Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0ps/pocassistdb
- https://github.com/0xNinjaCyclone/cve-2019-3396
- https://github.com/0xT11/CVE-POC
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/pocsuite
- https://github.com/20142995/sectool
- https://github.com/46o60/CVE-2019-3396_Confluence
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ArrestX/--POC
- https://github.com/Avento/CVE-2019-3396-Memshell-for-Behinder
- https://github.com/Awrrays/FrameVul
- https://github.com/BitTheByte/Eagle
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/ChalkingCode/ExploitedDucks
- https://github.com/FDlucifer/firece-fish
- https://github.com/Faizee-Asad/JIRA-Vulnerabilities
- https://github.com/GhostTroops/TOP
- https://github.com/H4cking2theGate/TraversalHunter
- https://github.com/HK4zCzi/CVE-2019-3396-Velocity-Server-Side-Template-Injection
- https://github.com/Habib0x0/CVE-2022-26134
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/JonathanZhou348/CVE-2019-3396TEST
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Metarget/metarget
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PetrusViet/cve-2019-3396
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Soundaryakambhampati/test-6
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting
- https://github.com/W2Ning/CVE-2019-3396
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/Yt1g3r/CVE-2019-3396_EXP
- https://github.com/Z0fhack/Goby_POC
- https://github.com/abdallah-elsharif/cve-2019-3396
- https://github.com/alex14324/Eagel
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/am6539/CVE-2019-3396
- https://github.com/amcai/myscan
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bigblackhat/oFx
- https://github.com/brunsu/woodswiki
- https://github.com/caodchuong312/test
- https://github.com/cc8700619/poc
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dothanthitiendiettiende/CVE-2019-3396
- https://github.com/dudek-marcin/Poc-Exp
- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
- https://github.com/hab1b0x/CVE-2022-26134
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/imhunterand/JiraCVE
- https://github.com/jandersoncampelo/InfosecBookmarks
- https://github.com/jas502n/CVE-2019-3394
- https://github.com/jas502n/CVE-2019-3396
- https://github.com/jbmihoub/all-poc
- https://github.com/jweny/pocassistdb
- https://github.com/kh4sh3i/CVE-2019-3396
- https://github.com/koamania/confluence_ssrf_malware_cleaner
- https://github.com/lnick2023/nicenice
- https://github.com/merlinepedra/nuclei-templates
- https://github.com/merlinepedra25/nuclei-templates
- https://github.com/mntn0x/POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/odaysec/confluPwn
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pwnosec/jirapwn
- https://github.com/pyn3rd/CVE-2019-3396
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/quanpt103/CVE-2019-3396
- https://github.com/r0eXpeR/supplier
- https://github.com/rezasarvani/JiraVulChecker
- https://github.com/s1xg0d/CVE-2019-3396
- https://github.com/sevbandonmez/jira-scanner
- https://github.com/skommando/CVE-2019-3396-confluence-poc
- https://github.com/sobinge/nuclei-templates
- https://github.com/superfish9/pt
- https://github.com/t0m4too/t0m4to
- https://github.com/tanw923/test1
- https://github.com/tdcoming/Vulnerability-engine
- https://github.com/tranphuc2005/NTCS_baocao02
- https://github.com/tranphuc2005/NTCS_baocao03
- https://github.com/trganda/dockerv
- https://github.com/underattack-today/underattack-py
- https://github.com/vntest11/confluence_CVE-2019-3396
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/woods-sega/woodswiki
- https://github.com/x-f1v3/CVE-2019-3396
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xiaoshuier/CVE-2019-3396
- https://github.com/yuehanked/cve-2019-3396
- https://github.com/zhanpengliu-tencent/medium-cve
- https://github.com/zhengjim/loophole
- https://github.com/zhibx/fscan-Intranet