2022-07-23 13:07:43 +00:00
id : jira-servicedesk-signup
info :
name : Atlassian Jira Service Desk Signup
author : TechbrunchFR
severity : medium
description :
This instance of Atlassian JIRA is misconfigured to allow an attacker to sign up (create a new account) just by navigating to the signup page that is accessible at the URL /servicedesk/customer/user/signup. After the attacker has created a new account it's possible for him/her to access the support portal.
reference :
- https://www.acunetix.com/vulnerabilities/web/atlassian-jira-servicedesk-misconfiguration/
metadata :
2023-04-28 08:11:21 +00:00
max-request : 4
2022-07-23 13:07:43 +00:00
shodan-query : http.component:"Atlassian Jira"
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
cwe-id : CWE-287
tags : atlassian,servicedesk,jira,confluence
2023-04-27 04:28:59 +00:00
http :
2022-07-23 13:07:43 +00:00
- raw :
- |
GET /servicedesk/customer/user/signup HTTP/1.1
Host : {{Hostname}}
- |
POST /servicedesk/customer/user/signup HTTP/1.1
Host : {{Hostname}}
Content-Type : application/json
Origin : {{RootURL}}
Referer : {{RootURL}}/servicedesk/customer/user/signup
{"email" : "" , "fullname" : "{{randstr}}" , "password" : "" , "captcha" : "" , "secondaryEmail" : "" }
- |
GET /secure/Signup!default.jspa HTTP/1.1
Host : {{Hostname}}
- |
POST /secure/Signup.jspa HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
Origin : {{RootURL}}
Referer : {{RootURL}}/secure/Signup.jspa
email=&fullname={{randstr}}&username=&password=&Signup=Sign+up
cookie-reuse : true
stop-at-first-match : true
matchers :
- type : word
words :
- 'signup.validation.errors'
- 'signup-username-error'
condition : or
