RevoltSecurities / CVE-2023-22518

An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22518 Improper Authorization
MIT License
44 stars 16 forks source link

CVE-2023-22518

An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22518 Improper Authorization Vulnerability

Installation:

git clone https://github.com/sanjai-AK47/CVE-2023-22518
cd CVE-2023-22518
python3 exploit.py

Usage:

python3 exploit.py -h                                                                                 
usage: exploit.py [-h] [-d DOMAIN] [-dL DOMAINS_LIST] [-o OUTPUT] [-to TIME_OUT] [-px PROXY] [-v]

[DESCTIPTION]: Exploitation and Detection tool for Cisco CVE-2023-46747

options:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        [INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
  -dL DOMAINS_LIST, --domains-list DOMAINS_LIST
                        [INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
  -o OUTPUT, --output OUTPUT
                        [INFO]: File name to save output
  -to TIME_OUT, --time-out TIME_OUT
                        [INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
  -px PROXY, --proxy PROXY
                        [INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
  -v, --verbose         [INFO]: Switiching Verbose will shows offline targets

Easy POC:

Users can easily make a poc with the Exploiter by giving vulnerable target and make proxy requests using your burpsuite and intercept the request and the below is a following easy poc making flags.

python3 exploit.py -d vulnerable.com -o output.txt --proxy 127.0.0.1:8080 --time-out 40

Exploited:

Screenshot from 2023-11-05 12-36-55

Exploitation:

When the script exploits the vulnerability it will show the vulnerable output and server path of the targets

Information:

Important thing if any unethical exploitation the I'm not responsible for any illegal actions so plese use this for ethical and legal purposes

Proof of conept Developed by D.Sanjai Kumar with ♥️ for any upgrade and miscoded contact me throguh my LinkedIn. Thank you!