漏洞平台

POC详情： 802c08548b6bca343c1851161de2387028cf6db1

来源

https://github.com/kh4sh3i/CVE-2023-22515

关联漏洞

标题： Atlassian Confluence Server 安全漏洞 (CVE-2023-22515)
描述：Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能，并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server存在安全漏洞，该漏洞源于外部攻击者可能利用可公开访问的Confluence Data Center和Confluence Serve，用未知的漏洞来创建Confluence 管理员帐户并访问 Confluence 实例。

描述

CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server

介绍

<h1 align="center">
  <br>
  <a href=""><img src="/img/logo.png" alt="" width="300px;"></a>
  <br>
  <img src="https://img.shields.io/badge/PRs-welcome-blue">
  <img src="https://img.shields.io/github/last-commit/kh4sh3i/CVE-2023-22515">
  <img src="https://img.shields.io/github/commit-activity/m/kh4sh3i/CVE-2023-22515">
  <a href="https://twitter.com/intent/follow?screen_name=kh4sh3i_"><img src="https://img.shields.io/twitter/follow/kh4sh3i_?style=flat&logo=twitter"></a>
  <a href="https://github.com/kh4sh3i"><img src="https://img.shields.io/github/stars/kh4sh3i?style=flat&logo=github"></a>
</h1>


# CVE-2023-22515
CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center, a Broken Access Control vulnerability. Attlassian has provided a CVSS base score of 10.0



## One line poc
```
cat file.txt| while read host do;do curl -skL "http://$host/setup/setupadministrator.action" | grep -i "<title>Setup System Administrator" && echo $host "is VULN";done
```




## Nuclei
```
nuclei -u target -t CVE-2023-22515.yaml
```

## Prerequisites
```
sudo pip install -r requirements.txt
```


## Usage
```
sudo python3 exploit.py --url [target]
```


## Affected Versions
```
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.1.0
8.1.1
8.1.3
8.1.4
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.3.2
8.4.0
8.4.1
8.4.2
8.5.0
8.5.1
```


## Fixed Versions
```
8.3.3 or later
8.4.3 or later
8.5.2 (Long Term Support release) or later
```


## refrences
* [atlassian](https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html)
* [nist](https://nvd.nist.gov/vuln/detail/CVE-2023-22515)

文件快照


 [4.0K]  /data/pocs/802c08548b6bca343c1851161de2387028cf6db1
├── [2.9K]  CVE-2023-22515.yaml
├── [3.0K]  exploit.py
├── [4.0K]  img
│   └── [ 74K]  logo.png
├── [6.9K]  LICENSE
├── [1.7K]  README.md
└── [  64]  requirements.txt

1 directory, 6 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。