Added Template for CVE-2023-22527 (atlassian-confluence-ssti-remote-code-execution) #8982

Merged 2 commits on Jan 24, 2024

ehsandeep (Member)

Co-Authored-By: Harsh Jaiswal <21000421+rootxharsh@users.noreply.github.com>
Co-Authored-By: Rahul Maini <31939327+iamnoooob@users.noreply.github.com>

Luoooio commented Jan 23, 2024

Good job! But if the target machine has traffic devices blocking curl and DNS, it will lead to incorrect results. Perhaps setting the response headers through org.apache.struts2.ServletActionContext is a good approach. Please refer to https://github.com/Avento/CVE-2023-22527_Confluence_RCE for more details.

ehsandeep (Member, Author) left a comment

@Luoooio @DhiyaneshGeek @iamnoooob updated the payload, executing the whoami cmd that works for both win / unix systems!

echo http://localhost | nuclei -t http/cves/2023/CVE-2023-22527.yaml

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.7

    projectdiscovery.io

[INF] Current nuclei version: v3.1.7 (latest)
[INF] Current nuclei-templates version: v9.7.4 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 6
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[CVE-2023-22527] [http] [critical] http://localhost/template/aui/text-inline.vm ["nt authority\\network service"]

DhiyaneshGeek added the Done Ready to merge label Jan 23, 2024
DhiyaneshGeek merged commit 69abc09 into main Jan 24, 2024
2 checks passed
DhiyaneshGeek deleted the CVE-2023-22527 branch January 24, 2024 03:59

zyrnj commented Jan 25, 2024

Hello author, I wonder why I can rebuild the PoC with Burp Suite but cannot reach the same result with my Python code. I passed label as a parameter, but after trying lots of times it failed. Do you know why?
