This Metasploit module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the /crowd/admin/uploadplugin.action page exists and that it responds appropriately to determine if the target is vulnerable or not.

You May Also Like

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

A new variant of the Mirai botnet, tracked as Moobot, was spotted…