Automatically configure vulnerable Confluence settings

proof-of-concept-exploits/confluence-cve-2022-26134/README.md

@@ -19,10 +19,9 @@ Install confluence
 
 1. Navigate to `localhost:8090`
 2. Get a trial license (this won't work without one)
-3. In db setup step, put in hostname: `db`, port: `5432`, dbname: `conf`, username: `postgres`, password: `koko`
-4. It'll take a while to configure, make sure you have 3-4gb of RAM
-5. Use a test site/template, and use confluence to manage users. Fill in default for admin
-6. Once you get past the admin creation step, you can run the exploit
+3. It'll take a while to configure, make sure you have 3-4gb of RAM
+4. Use a test site/template, and use confluence to manage users. Fill in default for admin
+5. Once you get past the admin creation step, you can run the exploit
 
 ## Exploitation steps
 
@@ -63,7 +62,7 @@ Output:
 Exec into the container
 
 ```
-└> ./getshell.sh confluence
+└> docker exec -it vulnerable-confluence bash
 
 root@b2db3bfbe364:/var/atlassian/application-data/confluence# ls -lah /tmp
 total 12K

proof-of-concept-exploits/confluence-cve-2022-26134/docker-compose.yml

@@ -2,11 +2,19 @@ version: "3.9"
 services:
   conf:
     image: atlassian/confluence-server@sha256:83a19d7c474b550b4ab4ef383e93e16c02457d680a982debcaf32b3b7db5bf52
+    container_name: vulnerable-confluence
     depends_on:
       - db
     ports:
        - 8090:8090
        - 8091:8091
+    environment:
+      ATL_JDBC_URL: jdbc:postgresql://db:5432/conf
+      ATL_JDBC_USER: postgres
+      ATL_JDBC_PASSWORD: koko
+      ATL_DB_TYPE: postgresql
+      ATL_DB_DRIVER: org.postgresql.Driver
+      ATL_DB_SCHEMA_NAME: conf
   # port = 5432, username = postgres
   db:
     image: postgres