An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22518 Improper Authorization Vulnerability
git clone https://github.com/sanjai-AK47/CVE-2023-22518
cd CVE-2023-22518
python3 exploit.pypython3 exploit.py -h
usage: exploit.py [-h] [-d DOMAIN] [-dL DOMAINS_LIST] [-o OUTPUT] [-to TIME_OUT] [-px PROXY] [-v]
[DESCTIPTION]: Exploitation and Detection tool for Cisco CVE-2023-46747
options:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
[INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
-dL DOMAINS_LIST, --domains-list DOMAINS_LIST
[INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
-o OUTPUT, --output OUTPUT
[INFO]: File name to save output
-to TIME_OUT, --time-out TIME_OUT
[INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
-px PROXY, --proxy PROXY
[INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
-v, --verbose [INFO]: Switiching Verbose will shows offline targets
Users can easily make a poc with the Exploiter by giving vulnerable target and make proxy requests using your burpsuite and intercept the request and the below is a following easy poc making flags.
python3 exploit.py -d vulnerable.com -o output.txt --proxy 127.0.0.1:8080 --time-out 40
When the script exploits the vulnerability it will show the vulnerable output and server path of the targets
Important thing if any unethical exploitation the I'm not responsible for any illegal actions so plese use this for ethical and legal purposes
Proof of conept Developed by D.Sanjai Kumar with