CVE-2023-22515 PoC — Atlassian Confluence Server 安全漏洞

Source

https://github.com/K4ptor/CVE-2023-22515

Associated Vulnerability

Title:Atlassian Confluence Server 安全漏洞 (CVE-2023-22515)
Description:Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Description

Confluence未授权添加管理员用户漏洞利用脚本

Readme

# CVE-2023-22515 Exploit Script

## 影响版本
```
8.0.0<=Atlassian Confluence<=8.5.1
```

## 漏洞利用
随机添加用户名和密码
```
python3 CVE-2023-22515.py -h
usage: confluence.py [-h] [-url URL]
optional arguments:
  -h, --help  show this help message and exit
  -url URL    目标url如：http://xx.xx.xx.xx
```
![image](https://github.com/sincere9/CVE-2023-22515/assets/128219249/caedd132-4cdf-4f94-9831-e45721b85170)

File Snapshot


 [4.0K]  /data/pocs/5841daa7eed976daefb5ae7ceec9c968490fefec
├── [1.7K]  CVE-2023-22515.py
└── [ 435]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!