Confluence

Challenge Description

Solution

• On the landing page we could see login page which was for Confluence using version 8.5.1

• Researching on it, we find a CVE for it CVE-2023-22515

• Using this github POC , we get the credentials for the page.

• Using those credentials and logging in the file gets downloaded

• Unzipping it gives a flag.txt, which contains the flag

FLAG

YCTF{C0nf1u3nc3_x_YCF}

POC Links

• https://github.com/Chocapikk/CVE-2023-22515