CVE-2023-22515 PoC — Atlassian Confluence Server 安全漏洞

Source

Associated Vulnerability

Description

This script will inform the user if the Confluence instance is vulnerable, but it will not proceed with the exploitation steps.

Readme

Disclaimer

This script is for educational and testing purposes only. Use it responsibly and ensure you have permission to test the target Confluence instance. Unauthorized testing is illegal and unethical.


# Confluence CVE-2023-22515 Vulnerability Detection Script

This script checks if a Confluence instance is vulnerable to CVE-2023-22515, a critical Broken Access Control vulnerability affecting Atlassian Confluence Data Center and Server versions 8.0.0 and above. The script does not exploit the vulnerability; it only checks for the version and setup mode configuration.

## Prerequisites

- Python 3.x
- `requests` library
- `packaging` library

You can install the required libraries using pip:
```sh
pip install requests packaging

    Clone the repository or download the script file.

    Run the script in your Python environment:



python confluence_vulnerability_check.py

    Input the URL of the Confluence instance when prompted (e.g., http://example.com).

    The script will check the Confluence version and determine if the instance is vulnerable to CVE-2023-22515.

Output

The script will output the Confluence version and inform you whether the instance is vulnerable based on the version and setup mode check. Example output:



Enter the URL of the Confluence instance (e.g., http://example.com): http://example.com
Confluence version detected: 7.19.22
The Confluence instance is not vulnerable to CVE-2023-22515.


Contributing

Contributions are welcome! Please open an issue or submit a pull request.

File Snapshot

 [4.0K]  /data/pocs/de6f3afbc5fa235841c0b6033cc0fc37453391d6
├── [2.1K]  confluence_vulnerability_check.py
├── [1.0K]  LICENSE
└── [1.5K]  README.md

0 directories, 3 files

Remarks