CVE-2019-3396

This Metasploit module exploits CVE-2019-3396, a Velocity template injection vulnerability in Atlassian Confluence's Widget Connector Macro, allowing unauthenticated remote code execution via crafted templates served over FTP.

This exploit leverages CVE-2019-3396, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence's Widget Connector Macro. It supports two modes: path traversal for file disclosure and RCE via template upload, with the latter requiring authentication.

This PoC exploits CVE-2019-3396, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence, allowing remote code execution (RCE) via a malicious macro preview endpoint. The exploit leverages an external template file (cmd.vm) hosted on an FTP server to execute arbitrary commands.

This repository contains a working PoC for CVE-2019-3396, a Confluence unauthenticated RCE vulnerability. The exploit leverages the TinyMCE macro preview endpoint to execute arbitrary commands via Velocity template injection, with optional FTP server setup for payload delivery.

This repository contains a proof-of-concept exploit for CVE-2019-3396, a path traversal vulnerability in Confluence Widget Connector. It includes both RCE and LFI payloads leveraging the `_template` parameter in a macro preview request.

This is a functional exploit for CVE-2019-3396, an unauthenticated RCE vulnerability in Atlassian Confluence. It leverages a Velocity template injection to execute arbitrary commands via a malicious payload hosted on an FTP server.

This PoC exploits CVE-2019-3396, a memory shell vulnerability in Confluence, by injecting a malicious listener to achieve remote code execution. It leverages reflection to manipulate the servlet context and intercept requests for command execution.

This repository provides a detailed analysis of CVE-2019-3396, a template injection vulnerability in Confluence's Widget Connector feature. It includes setup instructions for debugging and traces the exploit path through the codebase.

This repository provides a detailed technical analysis of CVE-2019-3396, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence. The writeup includes setup instructions, debugging steps, and an explanation of how the vulnerability can be exploited via the Widget Connector macro.

The repository contains only a README.md file with minimal content, lacking any exploit code or technical details. It appears to be a placeholder or incomplete submission.

This repository contains a functional PoC for CVE-2019-3396, a critical Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence. The exploit leverages the Widget Connector macro to achieve remote code execution (RCE) via a malicious template file hosted on an FTP server.

This repository provides a detailed analysis and proof-of-concept for CVE-2019-3396, a Server-Side Template Injection (SSTI) vulnerability in Confluence Server & Data Center. The exploit leverages the Widget Connector plugin to execute arbitrary code via Velocity template injection.

This is a functional exploit for CVE-2019-3396, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence Server. It supports two modes: file system traversal/disclosure and RCE via template upload, with detailed documentation and usage examples.

The repository contains only a README.md with minimal content, indicating it is a placeholder or stub rather than a functional exploit or PoC.

This repository contains a Python-based reverse shell script (nc.py) designed to exploit CVE-2019-3396, a vulnerability in Widget Connector macro in Atlassian Confluence Server. The script establishes a reverse shell connection to a specified IP and port, providing remote command execution capabilities.

The repository contains only a README.md file with minimal content in Chinese, indicating it may be a placeholder or incomplete PoC for CVE-2019-3396. No exploit code or technical details are provided.

This repository is a stub containing only a README.md that links to another GitHub repository for CVE-2019-3396. No exploit code or technical details are provided.

The repository contains only a README.md file with the CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or incomplete submission.

The repository contains only a README.md file with a title referencing CVE-2019-3396 but no exploit code, details, or proof-of-concept. It appears to be an empty or placeholder repository.

The repository contains only a README.md file with no exploit code or technical details. It is likely a placeholder or incomplete writeup for CVE-2019-3396.

This Metasploit module exploits CVE-2019-3396, a Velocity template injection vulnerability in Atlassian Confluence's Widget Connector Macro, allowing unauthenticated remote code execution via crafted templates served over FTP.