来源

关联漏洞

描述

Atlassian Confluence - Remote Code Execution

介绍

# Atlassian Confluence CVE-2023-22527 Scanner 🛡️

## Overview 🌟
This tool scans for the CVE-2023-22527 vulnerability in Atlassian Confluence, a critical RCE flaw allowing unauthorized remote code execution.

## Features 🚀
- **Single URL Scan**: Scan a specific target for the vulnerability.
- **Bulk Scan**: Process multiple URLs from a file for efficient vulnerability assessment.
- **Concurrency Control**: Utilize threading for faster bulk scanning.
- **Output Logging**: Save vulnerable URLs to a specified file.

## Usage 💻
1. **Single URL Scan**: `python exploit.py -u <URL>`
2. **Bulk Scan**: `python exploit.py -f <file_path>`
3. **Set Threads**: `python exploit.py -t <number_of_threads>`
4. **Output File**: `python exploit.py -o <output_file_path>`

## Requirements 📋
- Python 3.10+
- Dependencies: `requests`, `prompt_toolkit`, `rich`, `alive_progress`

## Installation 🛠️
1. Clone the repository: `git clone https://github.com/Chocapikk/CVE-2023-22527`
2. Install dependencies: `pip install -r requirements.txt`

## Example 🔍
```bash
$ python3 exploit.py -u http://localhost:8092
[+] http://localhost:8092 is vulnerable - confluence
[!] Shell is ready, please type your commands UwU
$ id
uid=2002(confluence) gid=2002(confluence) groups=2002(confluence),0(root)
$ pwd
/var/atlassian/application-data/confluence
$ hostname
ff7bfe2e7109
```

## Disclaimer ⚠️
This tool is intended for security research and should only be used on systems with explicit authorization. Misuse may lead to legal consequences.

## More Information 🔗
For more detailed information about the CVE-2023-22527 vulnerability, refer to the [Project Discovery Blog Post](https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/).

文件快照

 [4.0K]  /data/pocs/429de80f60c07de8cd85447e0e32a6750cd01cc2
├── [ 448]  docker-compose.yml
├── [4.8K]  exploit.py
├── [1.7K]  README.md
└── [  53]  requirements.txt

0 directories, 4 files

备注