ZeroAuth

Security Research & Bug Bounty Hunter

Posted on July 18, 2019 (updated March 14, 2020) by Zeroauth

Proof of Concept exploit for Atlassian Crowd RCE – CVE-2019-11580

Hello there,

Sharing my proof of concept for Atlassian Crowd RCE – CVE-2019-11580.  I was going to make a blog post detailing all the inner workings but someone has already made a very detailed analysis here: https://www.corben.io/atlassian-crowd-rce/

You can find all the source code here:

https://gitlab.com/zeroauth/cve-2019-11580_poc_exploit

 

Categories: POC, RCE
