Shulou(Shulou.com)05/31 Report--

This article introduces how to achieve Confluence path traversal loophole analysis and reproduction, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Preface

Recently, FireEye, the world's leading cyber security company, was suspected of being attacked by an APT organization. A large number of its government customers' information was accessed without authorization and red team tools were stolen. Although it is not clear what will be done with these red team tools, FireEye has posted some responses on GitHub. Qianxin Code Security Lab will analyze and reproduce the relevant vulnerabilities in the GitHub warehouse from a technical point of view, hoping to bring some inspiration to readers and take good defensive measures.

Brief introduction of vulnerabilities

Atlassian Confluence Server is a set of collaborative software server version of Atlassian company in Australia, which has enterprise knowledge management function and supports the construction of enterprise WiKi. Atlassian Confluence Data Center is the data center version of Atlassian Confluence.

Atlassian Confluence Server and Confluence Data Center have a path traversal vulnerability in downloadallattachments resources. When a remote user can add attachments to a blog page, or create a space, or have administrator privileges on a space, it is possible to use a file name that contains a directory traversal sequence ('.. /') to cause path traversal problems, and arbitrary code can be executed under certain conditions.

Affected product

Atlassian Confluence Server

Confluence Data Center

Affected version

2.0.0

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.