Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-22515 PoC — Atlassian Confluence Server 安全漏洞

Source
https://github.com/rxerium/CVE-2023-22515
Associated Vulnerability
Title:Atlassian Confluence Server 安全漏洞 (CVE-2023-22515)
Description:Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Description
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Readme
# CVE-2023-22515


 ## How does this detection method work?

 This template looks at the following endpoints:
 ```
      - "{{BaseURL}}/dologin.action"
      - "{{BaseURL}}"
      - "{{BaseURL}}/pages"
      - "{{BaseURL}}/confluence"
      - "{{BaseURL}}/wiki"
 ```

 From these endpoints it will extract the version, if the version matches any of the below versions it is considered vulnerable:

 ```
          - "8.0.0"
          - "8.0.1"
          - "8.0.2"
          - "8.0.3"
          - "8.0.4"
          - "8.1.0"
          - "8.1.1"
          - "8.1.3"
          - "8.1.4"
          - "8.2.0"
          - "8.2.1"
          - "8.2.2"
          - "8.2.3"
          - "8.3.0"
          - "8.3.1"
          - "8.3.2"
          - "8.4.0"
          - "8.4.1"
          - "8.4.2"
          - "8.5.0"
          - "8.5.1"
 ```

 ## How do I run this template?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t CVE-2023-22515.yaml` 


## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
File Snapshot

 [4.0K]  /data/pocs/6db1709f3810b4ebfa289d812b086b5dea442c2c
├── [1.2K]  CVE-2023-22515.yaml
└── [1.2K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →