This Metasploit module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the /crowd/admin/uploadplugin.action page exists and that it responds appropriately to determine if the target is vulnerable or not.
3e45d1541858eca07bdf958f9f224a9b488c705ba65f4fdb0909d25e3d5eb68fYouTube.com has a flaw that allows for arbitrary javascript execution.
f13cd7d75067b0ec8bcd4a8f9b7c93954b23f993fd2eeac563f81586602707db
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed