Atlassian Confluence SSTI Injection
Title source: metasploitExploitation Summary
CVE-2023-22527 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 24, 2024, with confirmed use in ransomware campaigns.
EIP tracks 25 public exploits from researchers including Boogipop, M0untainShley, Avento, including a Metasploit module exploits/multi/http/atlassian_confluence_rce_cve_2023_22527.
A Nuclei detection template is also available.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-22527, which targets Confluence to inject a Godzilla memory shell. The exploit leverages reflection to manipulate the servlet context and establish a backdoor.
Description
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Exploits (25)
This repository contains a functional exploit for CVE-2023-22527, which targets Confluence to inject a Godzilla memory shell. The exploit leverages reflection to manipulate the servlet context and establish a backdoor.
This repository contains a functional exploit for CVE-2023-22527, targeting Confluence to inject in-memory webshells (Behinder and Godzilla). It leverages template injection via the Velocity engine to achieve remote code execution.
This repository contains a functional exploit for CVE-2023-22527, a remote code execution vulnerability in Atlassian Confluence. The exploit leverages an OGNL injection via a maliciously crafted POST request to the `/template/aui/text-inline.vm` endpoint, bypassing the Struts2 sandbox to execute arbitrary commands.
This repository contains a functional exploit for CVE-2023-22527, a template injection vulnerability in Confluence Data Center and Server. The exploit leverages OGNL injection to achieve unauthenticated remote code execution by sending a crafted POST request to the vulnerable endpoint.
This repository contains a functional exploit for CVE-2023-22527, a template injection vulnerability in Confluence. The exploit uses OGNL injection to write a malicious script to a file and execute it, achieving remote code execution (RCE).
This repository contains a functional exploit for CVE-2023-22527, a Server-Side Template Injection (SSTI) vulnerability in Confluence. The exploit leverages a crafted payload to achieve remote code execution (RCE) via the Freemarker template engine.
The repository contains a functional exploit for CVE-2023-22527, targeting Confluence servers via an OGNL injection vulnerability. The exploit sends a crafted POST request to execute arbitrary commands, with the response headers confirming successful execution.
This repository contains a functional exploit for CVE-2023-22527, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence leading to Remote Code Execution (RCE). The exploit leverages OGNL injection via a crafted POST request to execute arbitrary commands on the target system.
This repository contains three functional Go-based exploits for CVE-2023-22527, targeting Atlassian Confluence. The exploits demonstrate in-memory execution of payloads (webshell, reverse shell, and Nashorn JavaScript reverse shell) without disk interaction, leveraging OGNL injection for remote code execution.
This repository contains a functional exploit for CVE-2022-26134, a Confluence RCE vulnerability, with a GUI interface for executing commands and reverse shells. The PoC includes multiple Confluence CVEs and supports proxy configurations.
This repository contains a functional exploit for CVE-2023-22527, a remote code execution vulnerability in Confluence Data Center and Server. The exploit leverages template injection via the `/template/aui/text-inline.vm` endpoint to execute arbitrary commands, including a reverse shell payload.
This repository contains a functional Python exploit for CVE-2023-22527, a remote code execution (RCE) vulnerability in Atlassian Confluence. The exploit leverages a template injection flaw in the `/template/aui/text-inline.vm` endpoint to execute arbitrary commands via OGNL injection, with results returned in the `X-Cmd-Response` header.
This repository contains a functional Go-based exploit for CVE-2023-22527, a remote code execution (RCE) vulnerability in Confluence Data Center and Server. The exploit leverages an OGNL injection via a crafted HTTP POST request to execute arbitrary commands on vulnerable systems.
This repository contains a functional exploit for CVE-2023-22527, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence Server and Data Center. The exploit sends a crafted HTTP request to execute arbitrary commands via OGNL injection in the Velocity template engine.
This repository contains a functional Go-based exploit for CVE-2023-22527, an RCE vulnerability in Atlassian Confluence. The exploit leverages OGNL injection via a crafted payload to execute arbitrary commands, bypassing sandbox restrictions via the `isSafeExpression` function.
This repository contains a functional exploit for CVE-2023-22527, a remote code execution vulnerability in Atlassian Confluence. The exploit leverages an OGNL injection via a crafted payload sent to the `/template/aui/text-inline.vm` endpoint, allowing arbitrary command execution.
The repository contains only a minimal README with no exploit code, technical details, or functional PoC. It is a placeholder with no substantive content.
This repository contains a functional exploit for CVE-2023-22527, targeting Atlassian Confluence versions below 8.5.4. The exploit leverages a template injection vulnerability to achieve remote code execution (RCE) via a crafted payload sent to the `/template/aui/email/velocity.vm` endpoint.
The repository contains a functional Python script that exploits CVE-2023-22527, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence. The exploit sends a crafted payload to the `/template/aui/text-inline.vm` endpoint, leveraging OGNL expression injection to achieve remote code execution (RCE).
The repository contains a functional exploit for CVE-2023-22527, an OGNL injection vulnerability in Atlassian Confluence, allowing unauthenticated remote code execution. It includes a Docker setup for testing and an exploit script with multiple execution modes.
This repository provides a technical analysis of CVE-2023-22527, an RCE vulnerability in Confluence Data Center and Server. It includes references, a patch diff, and a code snippet showing the fix for blocking specific OGNL variable references.
This repository contains functional exploit code demonstrating template injection in Atlassian Confluence, leading to remote code execution (RCE). The payloads include various techniques for information disclosure, file system access, command execution, and persistence.
This repository contains a functional exploit for CVE-2023-22527, a template injection vulnerability in Confluence. The exploit leverages OGNL injection to execute arbitrary commands on vulnerable Confluence instances.
This Metasploit module exploits CVE-2023-22527, an SSTI injection in Atlassian Confluence, allowing remote command execution via OGNL injection. It supports both Unix and Windows targets and includes version detection and platform identification.
Nuclei Templates (1)
http.component:"Atlassian Confluence" || http.component:"atlassian confluence"
app="atlassian-confluence"
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H