exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Corben Leo

Atlassian Crowd pdkinstall Remote Code Execution

Posted Aug 12, 2021

Authored by Paul, Corben Leo, Grant Willcox | Site metasploit.com

This Metasploit module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the /crowd/admin/uploadplugin.action page exists and that it responds appropriately to determine if the target is vulnerable or not.

tags | exploit

advisories | CVE-2019-11580

SHA-256 | 3e45d1541858eca07bdf958f9f224a9b488c705ba65f4fdb0909d25e3d5eb68f

Download | Favorite | View

Marked2 Local File Disclosure

Posted Feb 8, 2018

Authored by Corben Leo

Marked2 suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure

SHA-256 | 3afe747dc610f85ce34fd6595093e3c0f7fd5d04e4fcb4ea03d5ae1c138962dd

Download | Favorite | View