This Metasploit module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the /crowd/admin/uploadplugin.action page exists and that it responds appropriately to determine if the target is vulnerable or not.
You May Also Like
CentOS Web Panel 0.9.8.1081 Cross Site Scripting
CentOS Web Panel version 0.9.8.1081 suffers from a persistent cross site scripting…
- cybersecurityredflag_sdevzw
- August 16, 2021
HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions
HEUR.Backdoor.Win32.Winnti.gen malware suffers from an insecure permissions vulnerability.
- cybersecurityredflag_sdevzw
- July 19, 2021
Cyberium malware-hosting domain employed in multiple Mirai variants campaigns
A new variant of the Mirai botnet, tracked as Moobot, was spotted…
- cybersecurityredflag_sdevzw
- June 16, 2021
Leawo Prof. Media 11.0.0.1 Denial Of Service
Leawo Prof. Media version 11.0.0.1 suffers from a denial of service vulnerability.
- cybersecurityredflag_sdevzw
- July 26, 2021