### [CVE-2021-26084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26084)
![](https://img.shields.io/static/v1?label=Product&message=Confluence%20Data%20Center&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Confluence%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=6.14.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.12.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.5.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brightgreen)

### Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

### POC

#### Reference
- http://packetstormsecurity.com/files/164013/Confluence-Server-7.12.4-OGNL-Injection-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/164122/Atlassian-Confluence-WebWork-OGNL-Injection.html
- http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0x727/ShuiZe_0x727
- https://github.com/0xMarcio/cve
- https://github.com/0xMrNiko/Awesome-Red-Teaming
- https://github.com/0xf4n9x/CVE-2021-26084
- https://github.com/0xsyr0/OSCP
- https://github.com/189569400/Meppo
- https://github.com/1ZRR4H/CVE-2021-26084
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/30579096/Confluence-CVE-2021-26084
- https://github.com/34zY/APT-Backpack
- https://github.com/3stoneBrother/atlassian_pbkdf2_dehash
- https://github.com/4ra1n/poc-runner
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AdityaBhatt3010/Dork-Like-a-Demon-Shodan-Edition-for-Hackers-and-Bug-Bounty-Hunters
- https://github.com/Amar224/Pentest-Tools
- https://github.com/Andromeda254/cve
- https://github.com/AnonymouID/POC
- https://github.com/ArrestX/--POC
- https://github.com/Awrrays/FrameVul
- https://github.com/BBD-YZZ/Confluence-RCE
- https://github.com/BLACKHAT-SSG/MindMaps2
- https://github.com/BeRserKerSec/CVE-2021-26084-Nuclei-template
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/ChalkingCode/ExploitedDucks
- https://github.com/CrackerCat/CVE-2021-26084
- https://github.com/Drajoncr/AttackWebFrameworkTools
- https://github.com/FDlucifer/firece-fish
- https://github.com/GhostTroops/TOP
- https://github.com/GlennPegden2/cve-2021-26084-confluence
- https://github.com/H1CH444MREB0RN/PenTest-free-tools
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/JKme/CVE-2021-26084
- https://github.com/Jeromeyoung/CVE-2021-26086
- https://github.com/Jun-5heng/CVE-2021-26084
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Lazykakarot1/Learn-365
- https://github.com/Li468446/Atlassian_Confluence
- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection
- https://github.com/Loginsoft-Research/Linux-Exploit-Detection
- https://github.com/Loneyers/CVE-2021-26084
- https://github.com/Lotus6/ConfluenceMemshell
- https://github.com/Mehedi-Babu/pentest_tools_repo
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Moros-td/-AUTOMATED-DETECTION-AND-RESPONSE-TO-INFORMATION-SYSTEM-SECURITY-INCIDENTS
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Osyanina/westone-CVE-2021-26084-scanner
- https://github.com/PwnAwan/MindMaps2
- https://github.com/R0OtAdm1n/CVE-2021-26084-EXP
- https://github.com/ReAbout/web-sec
- https://github.com/Reclu3a/CVE-2021-26084-Confluence-OGNL
- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories
- https://github.com/S3cur3Th1sSh1t/Pentest-Tools
- https://github.com/SYRTI/POC_to_review
- https://github.com/Sma11New/PocList
- https://github.com/SummerSec/SpringExploit
- https://github.com/TesterCC/exp_poc_library
- https://github.com/TheclaMcentire/CVE-2021-26084_Confluence
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting
- https://github.com/Udyz/CVE-2021-26084
- https://github.com/Vulnmachines/Confluence_CVE-2021-26084
- https://github.com/Waseem27-art/ART-TOOLKIT
- https://github.com/WhooAmii/POC_to_review
- https://github.com/WingsSec/Meppo
- https://github.com/Xc1Ym/cve_2021_26084
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/YellowVeN0m/Pentesters-toolbox
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZZ-SOCMAP/CVE-2021-26084
- https://github.com/ZZ-SOCMAP/Pocs-Exps
- https://github.com/ZZ-SOCMAP/pocs
- https://github.com/al4xs/confluence
- https://github.com/antx-code/CVE-2021-26084
- https://github.com/attacker-codeninja/CVE-2021-26084
- https://github.com/b1gw00d/CVE-2021-26084
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bcdannyboy/CVE-2021-26084_GoPOC
- https://github.com/bigblackhat/oFx
- https://github.com/binganao/vulns-2022
- https://github.com/brunsu/woodswiki
- https://github.com/byteofandri/CVE-2021-26084
- https://github.com/byteofjoshua/CVE-2021-26084
- https://github.com/carlosevieira/CVE-2021-26084
- https://github.com/cc8700619/poc
- https://github.com/ch4t4pt/CVE-2021-26084-EXP
- https://github.com/crowsec-edtech/CVE-2021-26084
- https://github.com/cryptoforcecommand/log4j-cve-2021-44228
- https://github.com/curated-intel/Log4Shell-IOCs
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/demining/Log4j-Vulnerability
- https://github.com/dinhbaouit/CVE-2021-26084
- https://github.com/dock0d1/CVE-2021-26084_Confluence
- https://github.com/dorkerdevil/CVE-2021-26084
- https://github.com/elinakrmova/RedTeam-Tools
- https://github.com/emtee40/win-pentest-tools
- https://github.com/enomothem/PenTestNote
- https://github.com/fardeen-ahmed/Bug-bounty-Writeups
- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
- https://github.com/h3v0x/CVE-2021-26084_Confluence
- https://github.com/hack-parthsharma/Pentest-Tools
- https://github.com/harsh-bothra/learn365
- https://github.com/hev0x/CVE-2021-26084_Confluence
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/huike007/penetration_poc
- https://github.com/huimzjty/vulwiki
- https://github.com/huisetiankong478/penetration_poc
- https://github.com/insecrez/Bug-bounty-Writeups
- https://github.com/jagat-singh-chaudhary/bugbounty-365-days
- https://github.com/jared1981/More-Pentest-Tools
- https://github.com/jbmihoub/all-poc
- https://github.com/joydo/CVE-Writeups
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/kdandy/pentest_tools
- https://github.com/kkin77/CVE-2021-26084-Confluence-OGNL
- https://github.com/leoambrus/CheckersNomisec
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lleavesl/CVE-2021-26084
- https://github.com/luck-ying/Library-POC
- https://github.com/ludy-dev/CVE-2021-26084_PoC
- https://github.com/manas3c/CVE-POC
- https://github.com/march0s1as/CVE-2021-26084
- https://github.com/maskerTUI/CVE-2021-26084
- https://github.com/mdisec/mdisec-twitch-yayinlari
- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0
- https://github.com/merlinepedra/Pentest-Tools
- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
- https://github.com/merlinepedra25/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools-1
- https://github.com/n0-traces/cve_monitor
- https://github.com/nahcusira/CVE-2021-26084
- https://github.com/nizar0x1f/CVE-2021-26084-patch-
- https://github.com/nizarbamida/CVE-2021-26084-patch-
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/numencyber/atlassian_pbkdf2_dehash
- https://github.com/odaysec/confluPwn
- https://github.com/onewinner/VulToolsKit
- https://github.com/openx-org/BLEN
- https://github.com/orangmuda/CVE-2021-26084
- https://github.com/orgTestCodacy11KRepos110MB/repo-5222-ShuiZe_0x727
- https://github.com/osungjinwoo/confluence
- https://github.com/ouwenjin/-
- https://github.com/p0nymc1/CVE-2021-26084
- https://github.com/pathakabhi24/Pentest-Tools
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/peiqiF4ck/WebFrameworkTools-5.5
- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
- https://github.com/pen4uin/awesome-pentest-note
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/pentest-note
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pipiscrew/timeline
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/prettyrecon/CVE-2021-26084_Confluence
- https://github.com/quesodipesto/conflucheck
- https://github.com/r0ckysec/CVE-2021-26084_Confluence
- https://github.com/r0eXpeR/supplier
- https://github.com/retr0-13/Pentest-Tools
- https://github.com/rootsmadi/CVE-2021-26084
- https://github.com/rudraimmunefi/source-code-review
- https://github.com/rudrapwn/source-code-review
- https://github.com/shanyuhe/YesPoc
- https://github.com/shengshengli/AttackWebFrameworkTools-5.0
- https://github.com/sma11new/PocList
- https://github.com/smadi0x01/CVE-2021-26084
- https://github.com/smadi0x86/CVE-2021-26084
- https://github.com/smallpiggy/cve-2021-26084-confluence
- https://github.com/soosmile/POC
- https://github.com/suizhibo/MemShellGene
- https://github.com/tangxiaofeng7/CVE-2021-26084_Confluence
- https://github.com/taythebot/CVE-2021-26084
- https://github.com/toowoxx/docker-confluence-patched
- https://github.com/trhacknon/Pocingit
- https://github.com/triw0lf/Security-Matters-22
- https://github.com/tzwlhack/ShuiZe_0x727
- https://github.com/vpxuser/CVE-2021-26084-EXP
- https://github.com/wdjcy/CVE-2021-26084
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whoforget/CVE-POC
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/wolf1892/confluence-rce-poc
- https://github.com/woods-sega/woodswiki
- https://github.com/xanszZZ/pocsuite3-poc
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/z0edff0x3d/CVE-2021-26084-Confluence-OGNL
- https://github.com/zecool/cve