.. / CVE-2017-9506

Exploit for Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery (CVE-2017-9506)

Description:

The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery.

Nuclei Template

View the template here CVE-2017-9506.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-9506.yaml

References:

http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
https://ecosystem.atlassian.net/browse/OAUTH-344
https://nvd.nist.gov/vuln/detail/CVE-2017-9506
https://github.com/d4n-sec/d4n-sec.github.io
https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3

.. / CVE-2017-9506 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery (CVE-2017-9506)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2017-9506