PoC details: 4493b46a35bf696e76b17b5a32c048c5a6db3834

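Source
Related vulnerability
Title: Atlassian Confluence security vulnerability (CVE-2023-22527)
Description: Atlassian Confluence is a professional enterprise knowledge-management and collaboration software suite from the Australian company Atlassian, which can also be used to build enterprise wikis. Atlassian Confluence Data Center and Server contain a security vulnerability caused by a template injection flaw, which allows an unauthenticated attacker to achieve remote code execution on affected instances.
Description
CVE-2023-22527
Introduction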
# CVE-2023-22527
CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability in Out-of-Date Versions of Confluence Data Center and Server

Advisory Release Date: Tue, Jan 16 2024 01:00 EST

### Products: 
- Confluence Data Center  
- Confluence Server

### Affected Versions:
- 8.0.x
- 8.1.x
- 8.2.x
- 8.3.x
- 8.4.x
- 8.5.0-8.5.3

7.19.x LTS versions are not affected by this vulnerability.

### References:

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html?subid=1812250057&jobid=106379017&utm_campaign=confluence-critical-advisory_EML-17850&utm_medium=email&utm_source=alert-email

https://jira.atlassian.com/browse/CONFSERVER-93833

# Usage
### Building the exploit
```
go build -o cve-2023-22527.exe
```
### Exploit
```
cve-2023-22527.exe -I {{target_IP}} -p {{target_Port}}
```
After building main.go, you are free to run the exploit. It can also be run directly from source:
```
go run main.go -I {{target_IP}} -p {{target_Port}}
```
# PoC
![299332841-b130b1ff-c697-4e46-b94d-201821697363](https://github.com/merimael/CVE-2023-22527/assets/129992461/cb3b0cd7-1f53-4a33-b73c-85c26726e44e)

# Contact me
twitter --> https://twitter.com/m3rim4el
linkedin --> https://www.linkedin.com/in/merimael
File snapshot

```
[4.0K] /data/pocs/4493b46a35bf696e76b17b5a32c048c5a6db3834
├── [   2] cve-2023-22527.exe
├── [ 212] go.mod
├── [ 946] go.sum
├── [4.1K] main.go
└── [1.2K] README.md

0 directories, 5 files
```