cve-2023-22527

Three go-exploits exploiting CVE-2023-22527 to execute arbitrary code in memory

Primary language: Go. License: Apache-2.0

Executing Arbitrary Code In Confluence Memory

CVE-2023-22527 is a widely known vulnerability affecting Atlassian Confluence. Most exploits for this vulnerability use freemarker.template.utility.Execute() to execute an operating system command, but they can do much better than that. In this repository you'll find three go-exploit implementations of CVE-2023-22527 that execute their payload without touching disk (at least until the user directs them to).

You will find the exploits in the following subdirectories:

  • webshell: loads a webshell into memory
  • reverseshell: loads a reverse shell into memory
  • nashorn: loads a Nashorn JavaScript reverse shell into memory (only affects Atlassian Confluence using Java below version 15)

Compiling

Each exploit directory comes with a Dockerfile. To build with it, simply run:

make docker

If you have a Go (and Java) build environment handy, you can also just use make:

albinolobster@mournland:~/cve-2023-22527/webshell$ make
gofmt -d -w cve-2023-22527.go 
golangci-lint run --fix cve-2023-22527.go
javac ABCDEFG.java -classpath ./lib/servlet-api.jar
Note: ABCDEFG.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
GOOS=linux GOARCH=arm64 go build -o build/cve-2023-22527_linux-arm64 cve-2023-22527.go