# Executing Arbitrary Code In Confluence Memory

[CVE-2023-22527]( is a widely known vulnerability affecting Atlassian Confluence. Most exploits for this vulnerability use `freemarker.template.utility.Execute()` to execute an operating system command, but they can do so much better. In this repository you'll find three [go-exploit]( implementations of CVE-2023-22527 that execute their payload without touching disk (at least until the user directs them to).

You will find the exploits in the following subdirectories

* webshell: loads a webshell into memory
* reverseshell: loads a reverse shell into memory
* nashorn: loads a Nashorn JavaScript reverse shell into memory (only affects Atlassian Confluence using Java below version 15)

## Compiling

All the repositories come with a dockerfile. To build it simply:

make docker

If you have a Go (and Java) build environment handy, you can also just use `make`:

albinolobster@mournland:~/cve-2023-22527/webshell$ make
gofmt -d -w cve-2023-22527.go 
golangci-lint run --fix cve-2023-22527.go
javac -classpath ./lib/servlet-api.jar
Note: uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
GOOS=linux GOARCH=arm64 go build -o build/cve-2023-22527_linux-arm64 cve-2023-22527.go