This Metasploit module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the /crowd/admin/uploadplugin.action page exists and that it responds appropriately to determine if the target is vulnerable or not.

You May Also Like

Sprite Spider emerging as one of the most destructive ransomware threat actors

At the recent SANS Cyber Threat Intelligence Summit, two CrowdStrike cybersecurity leads,…