The exploitation complexity of this vulnerability is low, and since the disclosure on August 25, tens of PoC variants have emerged. As happens with other zero-day RCEs, some of those PoCs were adopted in no time by several threat actors, and the first mass reconnaissance and exploitation attempts were already observed on August 28.

Current attack campaigns are already reported to deploy XMRig and Kinsing cryptocoin miners, and more recent ones also include Tsunami/Kaiten DDoS bots.

Although the early adopter attackers copy-pasted the existing PoCs, we now see in our data the natural evolution of variants in the wild. As well as the original two URLs that were initially published, we now have these variants:

- `confluence/pages/createpage-entervariables.action`
- `confluence/pages/doenterpagevariables.action`
- `/media/pages/doenterpagevariables.action`
- `ae/en/pages/createpage-entervariables.action`
- `link/lookup/pages/createpage-entervariables.action`

In the examples above, we can see that attackers are already utilizing a known evasion technique by adding a semicolon in the path (which represents the "path parameters").
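The semicolon path-parameter evasion described above is the reason a detection rule should match on a normalized path rather than on the raw request string. The following is an added example, not code from the original post: the log format, the sample log lines and all function names are constructed for illustration, and only the two action names come from the URLs on this page.

```python
import re
from urllib.parse import unquote

# Action names taken from the URLs listed on this page.
TARGET_ACTIONS = {"createpage-entervariables.action", "doenterpagevariables.action"}

# Request part of a combined-format access log line (the log format is an assumption).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def decoded_path(target: str) -> str:
    """Path portion of the request target, percent-decoded once and lowercased."""
    return unquote(target.split("?", 1)[0].split("#", 1)[0]).lower()

def normalize_path(target: str) -> str:
    """Drop path parameters (everything from ';' on) from every path segment."""
    return "/".join(seg.split(";", 1)[0] for seg in decoded_path(target).split("/"))

def naive_match(target: str) -> bool:
    """What a literal suffix rule sees: it fails once ';...' follows the action name."""
    return target.split("?", 1)[0].lower().endswith(tuple(TARGET_ACTIONS))

def scan(lines):
    """Return one finding per request whose normalized path reaches a target action."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        norm = normalize_path(target)
        if any(seg in TARGET_ACTIONS for seg in norm.split("/")):
            findings.append({"target": target, "normalized": norm,
                             "path_params": ";" in decoded_path(target),
                             "naive_rule_hit": naive_match(target)})
    return findings

# Constructed sample log lines (documentation IP range, made-up timestamps and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /confluence/pages/createpage-entervariables.action HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "POST /pages/createpage-entervariables.action;x=1 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "POST /pages;a/doenterpagevariables.action%3Bb?foo=1 HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /pages/viewpage.action?pageId=1 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Requests flagged with `path_params` set and `naive_rule_hit` unset are the ones a literal-string rule would have missed. The path is percent-decoded only once, so a pipeline that sees double-encoded input needs to decode to a fixed point before normalizing.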