Related vulnerability
Title:
Atlassian Confluence security vulnerability
(CVE-2023-22527)
Description: Atlassian Confluence is a professional enterprise knowledge management and collaboration suite from the Australian company Atlassian; it can also be used to build an enterprise wiki. Atlassian Confluence Data Center and Server contain a security vulnerability that stems from a template injection flaw, allowing an unauthenticated attacker to achieve remote code execution on affected instances.
Description
Three go-exploits exploiting CVE-2023-22527 to execute arbitrary code in memory
Introduction
# Executing Arbitrary Code In Confluence Memory
[CVE-2023-22527](https://nvd.nist.gov/vuln/detail/CVE-2023-22527) is a widely known vulnerability affecting Atlassian Confluence. Most exploits for this vulnerability use `freemarker.template.utility.Execute()` to execute an operating system command, but they can do so much better. In this repository you'll find three [go-exploit](https://github.com/vulncheck-oss/go-exploit) implementations of CVE-2023-22527 that execute their payload without touching disk (at least until the user directs them to).
You will find the exploits in the following subdirectories:
* webshell: loads a webshell into memory
* reverseshell: loads a reverse shell into memory
* nashorn: loads a Nashorn JavaScript reverse shell into memory (only works against Atlassian Confluence instances running a Java version below 15)
## Compiling
All three exploit directories come with a Dockerfile. To build with it, simply run:
```
make docker
```
If you have a Go (and Java) build environment handy, you can also just use `make`:
```
albinolobster@mournland:~/cve-2023-22527/webshell$ make
gofmt -d -w cve-2023-22527.go
golangci-lint run --fix cve-2023-22527.go
javac ABCDEFG.java -classpath ./lib/servlet-api.jar
Note: ABCDEFG.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
GOOS=linux GOARCH=arm64 go build -o build/cve-2023-22527_linux-arm64 cve-2023-22527.go
```
File snapshot
```
[4.0K] /data/pocs/037d10aabaa5f4fddf715be8962afd81445063d9
├── [ 11K] LICENSE
├── [4.0K] nashorn
│   ├── [4.8K] cve-2023-22527.go
│   ├── [ 466] Dockerfile
│   ├── [ 877] go.mod
│   ├── [4.7K] go.sum
│   ├── [2.1K] Makefile
│   └── [2.4K] README.md
├── [1.4K] README.md
├── [4.0K] reverseshell
│   ├── [4.9K] cve-2023-22527.go
│   ├── [ 466] Dockerfile
│   ├── [ 882] go.mod
│   ├── [4.7K] go.sum
│   ├── [2.1K] Makefile
│   └── [2.3K] README.md
└── [4.0K] webshell
    ├── [2.7K] ABCDEFG.java
    ├── [6.2K] cve-2023-22527.go
    ├── [ 733] Dockerfile
    ├── [ 878] go.mod
    ├── [4.7K] go.sum
    ├── [4.0K] lib
    │   └── [279K] servlet-api.jar
    ├── [2.2K] Makefile
    └── [2.4K] README.md

4 directories, 22 files
```
Notes
1. It is recommended to access the code through the original source first.
2. If the source has become unavailable or inaccessible, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.