This exploit is only intended to facilitate demonstrations of the vulnerability by researchers. I disapprove of illegal actions and take no responsibility for any malicious use of this script. The proof of concept demonstrated in this repository does not expose any hosts and was performed with permission.
![]()
$ python3 Confluence_OGNLInjection.py -u http://xxxxx.com
$ python3 Confluence_OGNLInjection.py -u http://xxxxx.com -p /pages/createpage-entervariables.action?SpaceKey=x
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md