confluence-hack icon indicating copy to clipboard operation
confluence-hack copied to clipboard

Published 20 hours ago verified publisher icon AIex-3

Metadata

CVE-2023-22515

Confluence Hack

CVE-2023-22515

exploit.py

Exploit to create a new admin user
Compromised audit log:

As a reverence served: https://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html and https://github.com/Chocapikk/CVE-2023-22515

plugin_shellplug.jar

This plugin provides a web-based shell interface for executing command-line commands on a server
You can install it from the Confluence web admin GUI
Was found on a server that was live in production

ShellServlet.java

Is the decompiled file of plugin_shellplug.jar

Tested on

  • Confluence Server 8.5.1

Disclaimer

This repository is provided for educational and informational purposes only. Use it responsibly and only on systems that you have permission to test. Unauthorized access to computer systems is illegal and unethical.

Metadata

49
Stars
7
Forks
Watchers

Owner

verified publisher icon AIex-3

Metadata

CVE-2023-22515

Back