CVE-2024-21683

This repository contains a functional exploit for CVE-2024-21683, an authenticated RCE vulnerability in Atlassian Confluence. The exploit leverages an authenticated session to upload a malicious JavaScript file, which executes arbitrary commands via Java's ProcessBuilder.

This repository provides a functional proof-of-concept exploit for CVE-2024-21683, demonstrating remote code execution (RCE) in Confluence Data Center and Server via a malicious JavaScript file upload. The exploit leverages a vulnerability in the language upload functionality to execute arbitrary commands (e.g., launching calc.exe).

The repository provides multiple functional exploit methods for CVE-2024-21683, an RCE vulnerability in Confluence Data Center and Server. It includes detailed steps for exploiting the `/rest/api/user/bulk` endpoint, a Python script for injecting malicious code via the `/rest/api/content` endpoint, and a reverse shell payload via file upload.

This repository contains a functional exploit for CVE-2024-21683, demonstrating RCE via a crafted JavaScript file upload in a vulnerable web application. The PoC automates authentication, token retrieval, and payload delivery to execute arbitrary commands.

This repository contains a functional exploit for CVE-2024-21683, an RCE vulnerability in Atlassian Confluence Server and Data Center. The exploit leverages an authenticated file upload flaw in the 'Add New Language' feature to execute arbitrary JavaScript code on the server.

This Metasploit module exploits CVE-2024-21683, an authenticated RCE vulnerability in Atlassian Confluence. It authenticates as an administrator, elevates privileges, and leverages the Rhino script engine to execute arbitrary commands via tainted file uploads.