Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-22527 PoC — Atlassian Confluence 安全漏洞

Source
https://github.com/RevoltSecurities/CVE-2023-22527
Associated Vulnerability
Title:Atlassian Confluence 安全漏洞 (CVE-2023-22527)
Description:A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Description
An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22527 leads to RCE
Readme
# CVE-2023-22527
An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22527 leads to RCE which tested and proven POC
in vulnerable instance of confluence data center and servers. By this an attacker can execute arbitary code on vulnerable instance


### Installation:

```bash
git clone https://github.com/sanjai-AK47/CVE-2023-22527.git
cd CVE-2023-22527
pip install -r requirements.txt
python3 exploit.py -h
```

### Usage:
```yaml
python3 exploit.py -h                                                                         
usage: exploit.py [-h] [-d DOMAIN] [-dL DOMAINS_LIST] [-cmd COMMAND] [-c CONCURRENCY] [-o OUTPUT] [-to TIME_OUT] [-px PROXY] [-v]

[DESCTIPTION]: Exploitation and Detection tool for Cisco CVE-2023-46747

options:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        [INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
  -dL DOMAINS_LIST, --domains-list DOMAINS_LIST
                        [INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
  -cmd COMMAND, --command COMMAND
                        [INFO]: Give your burp collabarator url for exploitation
  -c CONCURRENCY, --concurrency CONCURRENCY
                        [INFO]: Give your burp collabarator url for exploitation
  -o OUTPUT, --output OUTPUT
                        [INFO]: File name to save output
  -to TIME_OUT, --time-out TIME_OUT
                        [INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
  -px PROXY, --proxy PROXY
                        [INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
  -v, --verbose         [INFO]: Switiching Verbose will shows offline targets

```

### Proof Of Exploitation:


[exploit.webm](https://github.com/sanjai-AK47/CVE-2023-22527/assets/119435129/c1ed2eea-700b-4eeb-aa71-2d3dac7da000)

## Information:

Important thing if any unethical exploitation the I'm not responsible for any illegal actions so plese use this for ethical and legal purposes

Proof of conept Developed by [D.Sanjai Kumar](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) with ♥️ for any upgrade and miscoded contact me throguh my [LinkedIn](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/). Thank you!
File Snapshot

 [4.0K]  /data/pocs/0d0fb87fdbde9a7d27875b4d1fd81443af95b2f6
├── [8.7K]  exploit.py
├── [1.0K]  LICENSE
├── [2.3K]  README.md
└── [ 149]  requirements.txt

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →