nomisec
WORKING POC
76 stars
by Boogipop · remote
https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL
This repository contains a functional exploit for CVE-2023-22527, which targets Confluence to inject a Godzilla memory shell. The exploit leverages reflection to manipulate the servlet context and establish a backdoor.
Classification
Working Poc 95%
Target:
Atlassian Confluence (tested on 8.5.1)
No auth needed
Prerequisites:
Access to the target Confluence instance · Java runtime environment
nomisec
WORKING POC
41 stars
by M0untainShley · remote
https://github.com/M0untainShley/CVE-2023-22527-MEMSHELL
This repository contains a functional exploit for CVE-2023-22527, targeting Confluence to inject in-memory webshells (Behinder and Godzilla). It leverages template injection via the Velocity engine to achieve remote code execution.
Classification
Working Poc 95%
Target:
Atlassian Confluence 8.5.3
No auth needed
Prerequisites:
Access to the Confluence server's template endpoint · Java runtime environment
nomisec
WORKING POC
25 stars
by Avento · poc
https://github.com/Avento/CVE-2023-22527_Confluence_RCE
This repository contains a functional exploit for CVE-2023-22527, a remote code execution vulnerability in Atlassian Confluence. The exploit leverages an OGNL injection via a maliciously crafted POST request to the `/template/aui/text-inline.vm` endpoint, bypassing the Struts2 sandbox to execute arbitrary commands.
Classification
Working Poc 95%
Target:
Atlassian Confluence Data Center and Server (versions affected by CVE-2023-22527)
No auth needed
Prerequisites:
Network access to the vulnerable Confluence instance · Vulnerable endpoint `/template/aui/text-inline.vm` must be accessible
nomisec
WORKING POC
22 stars
by Manh130902 · remote
https://github.com/Manh130902/CVE-2023-22527-POC
This repository contains a functional exploit for CVE-2023-22527, a template injection vulnerability in Confluence Data Center and Server. The exploit leverages OGNL injection to achieve unauthenticated remote code execution by sending a crafted POST request to the vulnerable endpoint.
Classification
Working Poc 95%
Target:
Atlassian Confluence Data Center and Server (versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Confluence · Network access to the target
nomisec
WORKING POC
19 stars
by VNCERT-CC · remote
https://github.com/VNCERT-CC/CVE-2023-22527-confluence
This repository contains a functional exploit for CVE-2023-22527, a template injection vulnerability in Confluence. The exploit uses OGNL injection to write a malicious script to a file and execute it, achieving remote code execution (RCE).
Classification
Working Poc 95%
Target:
Atlassian Confluence
No auth needed
Prerequisites:
Target Confluence instance vulnerable to CVE-2023-22527 · Network access to the target
nomisec
WORKING POC
12 stars
by Vozec · remote
https://github.com/Vozec/CVE-2023-22527
This repository contains a functional exploit for CVE-2023-22527, a Server-Side Template Injection (SSTI) vulnerability in Confluence. The exploit leverages a crafted payload to achieve remote code execution (RCE) via the Freemarker template engine.
Classification
Working Poc 100%
Target:
Atlassian Confluence Data Center and Server (versions 8.0.x to 8.5.3)
No auth needed
Prerequisites:
Network access to the vulnerable Confluence instance
nomisec
WORKING POC
9 stars
by RevoltSecurities · remote
https://github.com/RevoltSecurities/CVE-2023-22527
The repository contains a functional exploit for CVE-2023-22527, targeting Confluence servers via an OGNL injection vulnerability. The exploit sends a crafted POST request to execute arbitrary commands, with the response headers confirming successful execution.
Classification
Working Poc 90%
Target:
Atlassian Confluence Server/Data Center
No auth needed
Prerequisites:
Network access to the target Confluence server · Vulnerable version of Confluence (pre-patch)
nomisec
WORKING POC
9 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2023-22527
This repository contains a functional exploit for CVE-2023-22527, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence leading to Remote Code Execution (RCE). The exploit leverages OGNL injection via a crafted POST request to execute arbitrary commands on the target system.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server 8.5.3 and earlier
No auth needed
Prerequisites:
Network access to the target Confluence instance · Target must be running a vulnerable version of Confluence
nomisec
WORKING POC
6 stars
by vulncheck-oss · remote
https://github.com/vulncheck-oss/cve-2023-22527
This repository contains three functional Go-based exploits for CVE-2023-22527, targeting Atlassian Confluence. The exploits demonstrate in-memory execution of payloads (webshell, reverse shell, and Nashorn JavaScript reverse shell) without disk interaction, leveraging OGNL injection for remote code execution.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2023-22527)
No auth needed
Prerequisites:
Network access to vulnerable Confluence instance · Java version below 15 for Nashorn exploit
nomisec
WORKING POC
5 stars
by BBD-YZZ · remote
https://github.com/BBD-YZZ/Confluence-RCE
This repository contains a functional exploit for CVE-2022-26134, a Confluence RCE vulnerability, with a GUI interface for executing commands and reverse shells. The PoC includes multiple Confluence CVEs and supports proxy configurations.
Classification
Working Poc 90%
Target:
Atlassian Confluence
No auth needed
Prerequisites:
Network access to vulnerable Confluence instance · Python environment
nomisec
WORKING POC
5 stars
by adminlove520 · remote
https://github.com/adminlove520/CVE-2023-22527
This repository contains a functional Python exploit for CVE-2023-22527, a remote code execution (RCE) vulnerability in Atlassian Confluence. The exploit leverages a template injection flaw in the `/template/aui/text-inline.vm` endpoint to execute arbitrary commands via OGNL injection, with results returned in the `X-Cmd-Response` header.
Classification
Working Poc 95%
Target:
Atlassian Confluence Data Center and Server (8.0.x - 8.5.3)
No auth needed
Prerequisites:
Network access to the vulnerable Confluence instance · Vulnerable endpoint `/template/aui/text-inline.vm` must be accessible
nomisec
WORKING POC
5 stars
by Privia-Security · remote
https://github.com/Privia-Security/CVE-2023-22527
This repository contains a functional Go-based exploit for CVE-2023-22527, a remote code execution (RCE) vulnerability in Confluence Data Center and Server. The exploit leverages an OGNL injection via a crafted HTTP POST request to execute arbitrary commands on vulnerable systems.
Classification
Working Poc 95%
Target:
Atlassian Confluence Data Center and Server (versions 8.0.x to 8.5.3)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence (8.0.x to 8.5.3)
nomisec
WORKING POC
5 stars
by thanhlam-attt · remote
https://github.com/thanhlam-attt/CVE-2023-22527
This repository contains a functional exploit for CVE-2023-22527, a remote code execution vulnerability in Confluence Data Center and Server. The exploit leverages template injection via the `/template/aui/text-inline.vm` endpoint to execute arbitrary commands, including a reverse shell payload.
Classification
Working Poc 95%
Target:
Confluence Data Center and Server (versions 8.0.x to 8.5.3)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Python environment with `requests` library
nomisec
WORKING POC
4 stars
by yoryio · remote
https://github.com/yoryio/CVE-2023-22527
This repository contains a functional exploit for CVE-2023-22527, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence Server and Data Center. The exploit sends a crafted HTTP request to execute arbitrary commands via OGNL injection in the Velocity template engine.
Classification
Working Poc 95%
Target:
Atlassian Confluence Server and Data Center (versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3)
No auth needed
Prerequisites:
Network access to the target Confluence server · Vulnerable version of Confluence
nomisec
WORKING POC
4 stars
by C1ph3rX13 · remote
https://github.com/C1ph3rX13/CVE-2023-22527
This repository contains a functional Go-based exploit for CVE-2023-22527, an RCE vulnerability in Atlassian Confluence. The exploit leverages OGNL injection via a crafted payload to execute arbitrary commands, bypassing sandbox restrictions via the `isSafeExpression` function.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions affected by CVE-2023-22527)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence
nomisec
WORKING POC
2 stars
by Niuwoo · remote
https://github.com/Niuwoo/CVE-2023-22527
This repository contains a functional exploit for CVE-2023-22527, a remote code execution vulnerability in Atlassian Confluence. The exploit leverages an OGNL injection via a crafted payload sent to the `/template/aui/text-inline.vm` endpoint, allowing arbitrary command execution.
Classification
Working Poc 95%
Target:
Atlassian Confluence
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Atlassian Confluence
nomisec
STUB
2 stars
by Drun1baby · remote
https://github.com/Drun1baby/CVE-2023-22527
The repository contains only a minimal README with no exploit code, technical details, or functional PoC. It is a placeholder with no substantive content.
Target:
unknown
No auth needed
nomisec
WORKING POC
1 stars
by MaanVader · remote
https://github.com/MaanVader/CVE-2023-22527-POC
The repository contains a functional exploit for CVE-2023-22527, an OGNL injection vulnerability in Atlassian Confluence, allowing unauthenticated remote code execution. It includes a Docker setup for testing and an exploit script with multiple execution modes.
Classification
Working Poc 95%
Target:
Atlassian Confluence Data Center and Server (8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence running
nomisec
WORKING POC
1 stars
by kh4sh3i · remote
https://github.com/kh4sh3i/CVE-2023-22527
The repository contains a functional Python script that exploits CVE-2023-22527, a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence. The exploit sends a crafted payload to the `/template/aui/text-inline.vm` endpoint, leveraging OGNL expression injection to achieve remote code execution (RCE).
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3)
No auth needed
Prerequisites:
Network access to the target Confluence instance · Vulnerable version of Confluence
nomisec
WRITEUP
1 stars
by ga0we1 · poc
https://github.com/ga0we1/CVE-2023-22527_Confluence_RCE
This repository provides a technical analysis of CVE-2023-22527, an RCE vulnerability in Confluence Data Center and Server. It includes references, a patch diff, and a code snippet showing the fix for blocking specific OGNL variable references.
Classification
Writeup 90%
Target:
Atlassian Confluence Data Center and Server
No auth needed
Prerequisites:
Access to a vulnerable Confluence instance
nomisec
WORKING POC
1 stars
by mylo-2001 · poc
https://github.com/mylo-2001/AtlassianPwn
This repository contains a functional exploit for CVE-2023-22527, targeting Atlassian Confluence versions below 8.5.4. The exploit leverages a template injection vulnerability to achieve remote code execution (RCE) via a crafted payload sent to the `/template/aui/email/velocity.vm` endpoint.
Classification
Working Poc 95%
Target:
Atlassian Confluence < 8.5.4
No auth needed
Prerequisites:
Network access to the target Confluence instance · Target running a vulnerable version of Confluence
nomisec
WORKING POC
by thompson005 · poc
https://github.com/thompson005/CVE-2023-22527
This repository contains functional exploit code demonstrating template injection in Atlassian Confluence, leading to remote code execution (RCE). The payloads include various techniques for information disclosure, file system access, command execution, and persistence.
Classification
Working Poc 95%
Target:
Atlassian Confluence
No auth needed
Prerequisites:
Access to a vulnerable Confluence instance · Ability to send crafted Velocity template payloads
nomisec
WORKING POC
by YongYe-Security · remote
https://github.com/YongYe-Security/CVE-2023-22527
This repository contains a functional exploit for CVE-2023-22527, a template injection vulnerability in Confluence. The exploit leverages OGNL injection to execute arbitrary commands on vulnerable Confluence instances.
Classification
Working Poc 95%
Target:
Atlassian Confluence (versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0, 8.5.1, 8.5.2, 8.5.3)
No auth needed
Prerequisites:
Target must be running a vulnerable version of Confluence · Network access to the target
metasploit
WORKING POC
EXCELLENT
by Rahul Maini, Harsh Jaiswal, Spencer McIntyre · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_rce_cve_2023_22527.rb
This Metasploit module exploits CVE-2023-22527, an SSTI injection in Atlassian Confluence, allowing remote command execution via OGNL injection. It supports both Unix and Windows targets and includes version detection and platform identification.
Classification
Working Poc 100%
Target:
Atlassian Confluence (8.0 to 8.4, 8.5.0 to 8.5.3)
No auth needed
Prerequisites:
Network access to the Confluence server · Confluence server running a vulnerable version