CVE-2023-22527

Category: System/Network Security
Development tool: Python
File size: 0KB
Downloads: 0
Upload date: 2024-03-13 05:48:15
Uploader: sh-1993
Description: Exploit for CVE-2023-22527 - Atlassian Confluence Data Center and Server

File list:
CVE-2023-22527.py

# CVE-2023-22527

### CVE-2023-22527 - Server-side Template Injection (SSTI) vulnerability allowing Remote Code Execution (RCE) In Confluence Data Center and Confluence Server

![image](https://github.com/yoryio/CVE-2023-22527/assets/134471901/c1fe76f3-102f-440a-8028-c29fba4e8f53)

*Products and Versions affected:*

| Product                           | Affected Versions                                        |
| :-------------------------------- | :------------------------------------------------------- |
| Confluence Data Center and Server | 8.0.x<br>8.2.x<br>8.3.x<br>8.4.x<br>8.5.0-8.5.3          |

- **CVSS:** 10.0
- **Actively Exploited:** [YES](https://www.cisa.gov/news-events/alerts/2024/01/24/cisa-adds-one-known-exploited-vulnerability-catalog)
- **Patch:** [YES](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html)
- **Mitigation:** NO

# Help

```
usage: CVE-2023-22527.py [-h] -u URL [-c COMMAND]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Atlassian Confluence Server URL
  -c COMMAND, --command COMMAND
                        Command to Execute
```

**Example:** `python CVE-2023-22527.py -u https://10.10.12.2 -c whoami`

# Lab

You can use Try Hack Me's Room [Confluence CVE-2023-22515](https://tryhackme.com/room/confluence202322515) to test the exploit because it also runs a vulnerable version affected by **CVE-2023-22527**.

# Vision of Atlassian Confluence Servers by SHADOWSERVER:

![map](https://github.com/yoryio/CVE-2023-22527/assets/134471901/e39842f1-7db5-4a65-a9f1-7ad9ef3b583a)

# References

- [Atlassian Confluence - Remote Code Execution (CVE-2023-22527)](https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/)
- [Shadowserver Atlassian Statistics](https://dashboard.shadowserver.org/statistics/iot-devices/map/?day=2024-01-23&vendor=atlassian&model=confluence&geo=all&data_set=count&scale=log)
- [CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html)
- [GreyNoise Tag - Atlassian Confluence Template Injection RCE Attempt](https://viz.greynoise.io/tags/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527)
- [CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/news-events/alerts/2024/01/24/cisa-adds-one-known-exploited-vulnerability-catalog)
