
A quick and dirty PoC of cve-2021-26084 as none of the existing ones worked for me.


GlennPegden2/cve-2021-26084-confluence


7 Commits
 
 
 
 


This is a quick and dirty PoC, tuned for a specific Confluence instance, as none of the existing off-the-shelf PoCs worked.

Obviously it's almost entirely based on the work of https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md and https://github.com/alt3kx/CVE-2021-26084_PoC

You'll need to set some variables in the script.

  • host is the host you're checking.
  • sessionid is the session id, obtainable from the JSESSIONID cookie created when you log into Confluence.
  • spacekey is any valid space key on your system - see here for more on space keys - https://confluence.atlassian.com/doc/space-keys-829076188.html
  • cmd is the command to run - if all you're doing is checking for the patch, any valid command (e.g. ls or id) is fine. For actual exploitation the command is run blind, so you don't see any output, and a service like interact.sh can be very helpful (especially if the server doesn't allow outbound HTTPS and you're exfiltrating over DNS).

NOTE: This has only been tested on two identical on-prem servers, where other PoCs didn't work, so it's very possible it may not work elsewhere.
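Because the command runs blind and any result has to leave over an out-of-band channel such as DNS, resolver logs from the Confluence host are a useful place to look for signs of this activity. The following is an added detection example, not code from this repository. The log format, the host IP, the label-length threshold and the sample lines are assumptions constructed for illustration, and the suffix list is the set of public interactsh domains, which you should extend with anything self-hosted.

```python
# Added example: flag DNS lookups from a Confluence host that look like
# out-of-band callbacks or DNS exfiltration. Not part of the original PoC.

# Public interactsh callback domains (extend with self-hosted OAST domains).
OAST_SUFFIXES = ("interact.sh", "oast.pro", "oast.live", "oast.site",
                 "oast.online", "oast.fun", "oast.me")

# Heuristic (assumption): ordinary hostnames rarely carry labels this long,
# while encoded command output does. Tune against your own baseline.
MAX_LABEL = 30

# Constructed sample, one query per line: "<timestamp> <client-ip> <qname>".
SAMPLE_LOG = """\
2021-09-02T10:01:07Z 10.0.5.20 marketplace.atlassian.com
2021-09-02T10:03:11Z 10.0.5.20 c4k2j1examplexxxxxxxxxxxxxxxxxxxx.interact.sh
2021-09-02T10:03:12Z 10.0.5.20 7569643d3130303128636f6e666c75656e636529.exfil.example.net
2021-09-02T10:04:40Z 10.0.7.31 c4k2j1examplexxxxxxxxxxxxxxxxxxxx.interact.sh
2021-09-02T10:05:02Z 10.0.5.20 www.atlassian.com
"""


def classify(qname):
    """Return a reason string for a suspicious query name, else None."""
    name = qname.rstrip(".").lower()
    for suffix in OAST_SUFFIXES:
        if name == suffix or name.endswith("." + suffix):
            return "oast-domain:" + suffix
    longest = max(len(label) for label in name.split("."))
    if longest >= MAX_LABEL:
        return "long-label:%d" % longest
    return None


def scan(log_text, watched_hosts):
    """Return (timestamp, client, qname, reason) for each suspicious query
    made by a watched host; malformed lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, qname = parts
        if client in watched_hosts:
            reason = classify(qname)
            if reason:
                hits.append((ts, client, qname, reason))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, {"10.0.5.20"}):
        print(*hit)
```

A Confluence server has few legitimate reasons to resolve arbitrary external names, so an allowlist of expected destinations for that host is a stronger control than either heuristic here.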
