关联漏洞
标题:Atlassian Jira 授权问题漏洞 (CVE-2019-3403)Description:Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira 7.13.3之前版本、8.0.4之前版本和8.1.1之前版本中存在安全漏洞。攻击者可利用该漏洞枚举用户名称。
Description
A simple python3 exploit for CVE-2019-3403
介绍
# CVE-2019-3403
I wanted to easily be able to exploit CVE-2019-3403 to scrape all the users from a JIRA application, so I threw this script together. It isn't the cleanest code ever, and it doesn't handle requests that return over 1000 users (it will just truncate them to the first 1000) - but it can quickly scrape all of the users from a vulnerable JIRA server.
## Usage
```
usage: scrape_jira.py [-h] -d DOMAIN [-q QUERY] [-o OUT] [-v]
Scrape User Information from Vulnerable JIRA Instances [CVE-2019-3403]
optional arguments:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
The domain of the target
-q QUERY, --query QUERY
Specific query to run against the API
-o OUT, --out OUT Output to a file
-v, --verbose Verbose output
```
### Examples
Scrape everything and save output to a file:
```
python3 CVE-2019-3403.py -d jira.example.com -o out.txt -v
```
Just look for a specific user:
```
python3 CVE-2019-3403.py -d jira.example.com -q admin
```
文件快照
[4.0K] /data/pocs/2261f6ac94627763715df4a0270ec541b279eb14
├── [2.5K] CVE-2019-3403.py
├── [1.0K] LICENSE
├── [1.0K] README.md
└── [ 115] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →