CVE-2023-22527 is a widely known vulnerability affecting Atlassian Confluence. Most exploits for this vulnerability use freemarker.template.utility.Execute() to execute an operating system command, but they can do so much better. In this repository you'll find three go-exploit implementations of CVE-2023-22527 that execute their payload without touching disk (at least until the user directs them to).
You will find the exploits in the following subdirectories:
- webshell: loads a webshell into memory
- reverseshell: loads a reverse shell into memory
- nashorn: loads a Nashorn JavaScript reverse shell into memory (only affects Atlassian Confluence using Java below version 15)
All the repositories come with a Dockerfile. To build it, simply run:

```
make docker
```

If you have a Go (and Java) build environment handy, you can also just use make:
```
albinolobster@mournland:~/cve-2023-22527/webshell$ make
gofmt -d -w cve-2023-22527.go
golangci-lint run --fix cve-2023-22527.go
javac ABCDEFG.java -classpath ./lib/servlet-api.jar
Note: ABCDEFG.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
GOOS=linux GOARCH=arm64 go build -o build/cve-2023-22527_linux-arm64 cve-2023-22527.go
```