Giter VIP home page Giter VIP logo

cve-2023-22515's Introduction

CVE-2023-22515 Exploit Script ๐Ÿ”

This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances. The vulnerability is categorized as a Broken Access Control issue and has a CVSS base score of 10.0. โš ๏ธ

Prerequisites ๐Ÿ’ป

Before using this script, make sure you have the following prerequisites in place:

  • Python 3.x installed ๐Ÿ
  • Required Python packages (requests, fire, rich, and alive-progress) installed. You can install them using pip:
pip install -r requirements.txt

Usage ๐Ÿš€

The script provides two main commands for exploiting the vulnerability:

1. Normal Mode ๐Ÿ”

In normal mode, you can exploit the Confluence vulnerability using a single target URL. Run the following command:

python3 exploit.py normal [TARGET_URL] --output-file=[OUTPUT_FILE]

Replace [TARGET_URL] with the URL of the Confluence instance you want to target, and [OUTPUT_FILE] with the file you'd like to save vulnerable server details to.

Example:

python3 exploit.py normal https://example.com/confluence --output-file=vulnerable_servers.txt

2. Mass Mode ๐Ÿ”

In mass mode, you can exploit the vulnerability using a list of target URLs from a file. Create a text file with one target URL per line and run the following command:

python3 exploit.py mass [FILE_NAME] --output-file=[OUTPUT_FILE]

Replace [FILE_NAME] with the name of the file containing the list of target URLs, and [OUTPUT_FILE] with the file you'd like to save vulnerable server details to.

Example:

python3 exploit.py mass targets.txt --output-file=vulnerable_servers.txt

Example Output โ„น๏ธ

The script will provide information about the exploitation process, such as whether the vulnerability was successfully triggered, whether a new administrator was created, and whether authentication was successful.

[INFO] Successfully exploited https://example.com/confluence and logged in as admin!

Disclaimer โš ๏ธ

This script is provided for educational and informational purposes only. Use it responsibly and only on systems that you have permission to test. Unauthorized access to computer systems is illegal and unethical. ๐Ÿšซ

cve-2023-22515's People

Contributors

chocapikk avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

avento imbas007 hdys0vn kursadalsan sudonap orinocoz ramosslyz pirenga zha0 gmh5225 tucommenceapousser efcylab skellyb0n3s gavrias renozion aaronvdberg startagain2016 f1r4s gordonous enigmainfosec 0xsojalsec doodaz 5l1v3r1 vanpersiexp serundengsapi abdelilahelmokhtari amesianx

cve-2023-22515's Issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.