POC详情: f8777cc9a5ba6a032169aa83a1ffa7bbd329da72

来源
https://github.com/yoryio/CVE-2023-22527
关联漏洞
标题: Atlassian Confluence 安全漏洞 (CVE-2023-22527)
描述:Atlassian Confluence是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件,也可以用于构建企业WiKi。 Atlassian Confluence Data Center and Server存在安全漏洞,该漏洞源于存在模板注入漏洞,允许未经身份验证的攻击者在受影响的实例上实现远程代码执行。
描述
Exploit for CVE-2023-22527 - Atlassian Confluence
介绍
# CVE-2023-22527

### CVE-2023-22527 - Server-side Template Injection (SSTI) vulnerability allowing Remote Code Execution (RCE) In Confluence Data Center and Confluence Server

![image](https://github.com/yoryio/CVE-2023-22527/assets/134471901/c1fe76f3-102f-440a-8028-c29fba4e8f53)


*Products and Versions affected:*

| Product                           | Affected Versions                                        |
| :-------------------------------- | :------------------------------------------------------- |
| Confluence Data Center and Server | 8.0.x <br />8.2.x<br />8.3.x<br />8.4.x<br />8.5.0-8.5.3 |

- **CVSS:** 10.0
- **Actively Exploited:** [YES](https://www.cisa.gov/news-events/alerts/2024/01/24/cisa-adds-one-known-exploited-vulnerability-catalog)
- **Patch:** [YES](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html)
- **Mitigation:** NO

# Help

```
usage: CVE-2023-22527.py [-h] -u URL [-c COMMAND]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Atlassian Confluence Server URL
  -c COMMAND, --command COMMAND
                        Command to Execute
```

**Example:** `python CVE-2023-22527.py -u https://10.10.12.2 -c whoami`

# Lab

You can use Try Hack Me's Room [Confluence CVE-2023-22515](https://tryhackme.com/room/confluence202322515) to test the exploit because it also runs a vulnerable version affected by **CVE-2023-22527**.

# Vision of Atlassian Confluence Servers by SHADOWSERVER:

![map](https://github.com/yoryio/CVE-2023-22527/assets/134471901/e39842f1-7db5-4a65-a9f1-7ad9ef3b583a)


# References
- [Where are they now? Starring: Confluence CVE-2023-22527](https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/)
- [Atlassian Confluence - Remote Code Execution (CVE-2023-22527)](https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/)
- [Shadowserver Atlassian Statistics](https://dashboard.shadowserver.org/statistics/iot-devices/map/?day=2024-01-23&vendor=atlassian&model=confluence&geo=all&data_set=count&scale=log)
- [CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html)
- [GreyNoise Tag - Atlassian Confluence Template Injection RCE Attempt](https://viz.greynoise.io/tags/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527)
- [CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/news-events/alerts/2024/01/24/cisa-adds-one-known-exploited-vulnerability-catalog)
文件快照

 [4.0K]  /data/pocs/f8777cc9a5ba6a032169aa83a1ffa7bbd329da72
├── [2.3K]  CVE-2023-22527.py
└── [2.7K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。