漏洞平台

POC详情： 9e1ec1c21c0ff96d61e2165b62aae258e1a3d8d4

来源

https://github.com/MaanVader/CVE-2023-22527-POC

关联漏洞

标题： Atlassian Confluence 安全漏洞 (CVE-2023-22527)
描述：Atlassian Confluence是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件，也可以用于构建企业WiKi。 Atlassian Confluence Data Center and Server存在安全漏洞，该漏洞源于存在模板注入漏洞，允许未经身份验证的攻击者在受影响的实例上实现远程代码执行。

描述

Atlassian Confluence Remote Code Execution(RCE) Proof Of Concept

介绍

# CVE-2023-22527: Atlassian Confluence Vulnerability

## Introduction

The CVE-2023-22527 vulnerability is a critical security flaw in Atlassian Confluence, a widely used collaboration and documentation platform. This vulnerability exists in both Confluence Data Center and Confluence Server, which are versions of the platform designed for organizational use on self-hosted servers or cloud infrastructure.

### Vulnerability Details

- **Vulnerability Type**: OGNL (Object-Graph Navigation Language) Injection
- **CVSS Score**: 10.0 (Critical)
- **Affected Versions**:
  - Confluence Data Center and Server: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3

This vulnerability allows for unauthenticated remote code execution, making it possible for adversaries to exploit vulnerable Confluence instances. It's crucial for organizations to patch their systems as soon as possible, considering the high risk and the active exploitation attempts in the wild.

## Docker Setup for Testing

To facilitate testing and understanding of this vulnerability, a Docker setup is provided. The Docker configuration includes an instance of Atlassian Confluence Server `8.5.3`, which is vulnerable to CVE-2023-22527.


### Running the Docker Setup

1. Save the above configuration in a file named `docker-compose.yml`.
2. Run the Docker setup:
   ```bash
   docker-compose up
   ```
3. The Confluence instance will be accessible at `http://localhost:8090`.

## Exploit Script Usage

The exploit script is designed to test the CVE-2023-22527 vulnerability in Confluence instances.

### Running the Script

- **Single URL Mode**:
  ```bash
  python3 exploit.py -u http://<target-ip>:8090 -c "whoami"
  ```
- **File Mode** (for multiple IPs):
  ```bash
  python3 exploit.py -f ips.txt -c "whoami"
  ```
- **Interactive Shell Mode**:
  ```bash
  python3 exploit.py -u http://<target-ip>:8090 --shell
  ```

Type `exit` to leave the interactive shell.


## Disclaimer 🚨

This information is provided strictly for educational and research purposes only 📚. Testing the script should only be conducted on systems where explicit permission has been granted ✅. Unauthorized use of this script and information is illegal 🚫 and unethical 😠.

---

References:
1. [Atlassian Security Advisory](https://confluence.atlassian.com/security/)
2. [ShadowServer Report](https://www.shadowserver.org/)
3. [Tenable blog](https://www.tenable.com/blog/cve-2023-22527-atlassian-confluence-data-center-and-server-template-injection-exploited-in-the)

文件快照


 [4.0K]  /data/pocs/9e1ec1c21c0ff96d61e2165b62aae258e1a3d8d4
├── [ 430]  docker-compose.yml
├── [2.7K]  exploit.py
└── [2.5K]  README.md

0 directories, 3 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。