BC SOFTWARE

Saved by @CodyyyGardner

Harsh Bothra
@harshbothra_ 4 years, 3 months ago 1222 views

Save to PDF Share See On Twitter

#Learn365 Day-4: Unauthenticated & Exploitable JIRA Vulnerabilities

There are multiple security vulnerabilities associated with the various versions of JIRA software which are exploited in wild and is one of my personal favourite 3rd Party apps to hunt.

#BugBountyTips

(1/n)

(2/n)
1. CVE-2020-14179 (Information Disclosure)
a. Navigate to /secure/QueryComponent!Default.jspa
b. It leaks information about custom fields, custom SLA, etc.

2. CVE-2020-14181 (User Enumeration)
a. Navigate to /secure/ViewUserHover.jspa?username=

(3/n)
3. CVE-2020-14178 (Project Key Enumeration)
a. Navigate to /browse.
b. Observe the error message on valid vs. invalid project key. Apart from the Enumeration, you can often get unauthenticated access to the project if the protections are not in place.

(4/n)
4. CVE-2019-3402 (XSS)
a. Navigate to /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search

5. CVE-2019-11581 (SSTI)
a. Navigate to /secure/ContactAdministrators!default.jspa

(5/n)
6. CVE-2019-3396 (Path Traversal)
7. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]
8. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]

(6/n)
9. CVE-2019-8449 (User Information Disclosure)
a. Navigate to /rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
b. Observe that the user related information will be available.

(7/n)
10. CVE-2019-3403 (User Enumeration)
a. Navigate to /rest/api/2/user/picker?query=
b. Observe the difference in response when valid vs. invalid user is queried.

(8/n)

11. CVE-2019-8442 (Sensitive Information Disclosure)

a. Navigate to /s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
b. Observe that the pom.xml file is accessible.

(n/n)
Tools: Nuclei Template can be used to automate most of these CVEs Detection.
H1 Reports:
- https://t.co/AaXKHt4NZZ
- https://t.co/hNrzpDgB5A
Blogs:
- https://t.co/ZMVc80vrYQ

More from Software

Abhiram Reddy
@nrabhiram

It’s been a minute since I’ve written code. So, I figured that now might be a good time to start learning how to use the Blueprint system in #UnrealEngine. I felt that it’d be interesting to share my progress and mistakes. So here goes!
🧵

1.
Firstly, I made use of the auto-rigging feature in Mixamo to give my character a skeleton. This allows you to use the Mixamo animations for the character in Unreal Engine.

2.
In the Animation Blueprint, I tried to add a punching state to the character. The problem I faced initially was that the character glides while punching. This occurs because multiple states of the animation are active (as their transition conditions are satisfied).

3.
There are a couple of solutions for this:

👉Blending the punch and idle states (character can punch while running) by using the Layered Blend Per Bone node.

👉Disabling input while the punch occurs.

4.
I didn’t like the outcome when I blended the animations. as the hip rotates more than we’d like it to. This leads to the character punching upwards and to the left. This isn’t favorable as the enemy is usually straight ahead. Disabling the input worked way better!

John Mashey
@JohnMashey

@mattblaze AFAIK the only group to discover Ken’s hack was us in PWB/UNIX. One of the other guys noticed C prepreprocessor had gotten bigger, looked at binary namelist, found symbol not in source code. I got onto Ken’s system, found the code, very clever.

A bit latet, I was in Lab 127’s terminal room, talking to dmr or bwk, and overheard amusing conversation between ken and Robert Morris Sr, who sometimes consulted for NSA.
(RM Jr of worm fame was just a kid then.)

They were chortling away over cleverness of exploit. Then one (must have been ken) said “think we could put this over on NSA?” (which already had UNIX systems... we did favors now and then).
More chortling, then (must have been Bob): uhh, NSA really doesn’t have sense of humor.

PWB crew ran 1st real UNIX computer center & we were hyper-sensitive, partly because someone had called at night, told operator he was Ken Thompson & needed root password ... and got it. Turned out to be high schooler ... proving that social engineering tactics have been eternal.

Years later, as many BTL Directors were buying PDP11-70s for labs as general service systems, some PWB crew were asked to do security audits, given experience running biggest UNIX site. One lab was very proud of enhanced password software.
We did audit, agreed with that, BUT:

Advertisement

John Fetterman
@JohnFetterman

buffalo uses dominion scoreboard software so not really

Sports Minute: Bills improve to 10-3 with 26-15 win over sloppy Steelers https://t.co/lg0isTiE92
— Erie News Now (@ErieNewsNow) December 14, 2020

DEAD PEOPLE SCORED FOR BUFFALO!

A truck delivered off a suitcase full of points at halftime from Canada for Buffalo.

#StopTheSteel !!!!

I’ll be submitting sworn affidavits from Steelers fans than they saw the Buffalo rigging the game but I want to emphasize that I’m not under oath.

$Andrew Harmel-Law \U0001f3e1$

Andrew Harmel-Law 🏡...
@al94781

Software architecture is in crisis, and the way to fix it is a hefty dose of anarchy.

Some lay the blame for this on @boicy with the whole microservices thing.

(Admittedly, @nicolefv, @jezhumble and @realgenekim didn’t help when they statistically proved that he might have been onto something with all that de-coupling and team-alignment…)

However I don’t blame him at all.

I think he saved us; bringing us back to the path of value-delivery and independent services, but now with added independent teams.

But one thing is clear. Microservices need more architecture, not less (as do other forms of #Accelerate-style software organisation).

(See https://t.co/B2hWmXhIqe if you need convincing)

I mean, all those pesky slices we need to carve up our monoliths (or were they big balls of mud?) That’s a significant amount of work right there…

$Jared Naude @ rC3 \U0001f680$

Jared Naude @ rC3 🚀...
@JaredNaude

Infrastructure review #rc3

There were only 18 heralds for all the talks. It was really hard to pull off, this conference also started a news show. #rc3

Next is the heaven team. 1487 total angels volunteered of which 710 arrived. 76 weeks worth of work hours were done by the angels. They prepared a few goodies for the RC3 world. Badges were given to show angels. Tried to keep traditions from the conference on RC3 world. #rc3

Huge thanks to all the angels who volunteered. This conference would not be possible with the help of everyone. #rc3

Next team is the signal angels, this is the first time that people had to do remote Q&A. The procedure was quite different to the in person event. There were 157 shifts filled by 61 angels. There were 5 unfilled shifts. #rc3

You May Also Like

Jaya_Upadhyaya
@Jayalko1

SRI LALITHAMBIGAI, THIRUMEYACHUR (TN)
#bharatmandir #navratri2021

Kshetram where Shiva is worshipped as Meghanatha and his consort is Lalithambigai seen in Abhay mudra.
Once, a demon Pandasura was harassing the Devas who went to Devi Parashakti for protection.
@GunduHuDuGa

Devi rose from a Yaga Gunda, mounted on the Sri Chakra Rath with the name Lalithambika, waged a war against Pandasura and destroyed him. When her fury did not subside, Shiva asked her to go to Earth, assume the name Manonmani, perform penance and shed her fury.

Shiva blessed Devi to be Shanta nayagi. There is a sculpture here depicting Shiva pacifying Devi. If you observe closely, you can see that from your left hand side there will be a smile on Her face and if you see from your right hand side you can see anger in Her face.

Hayagriva taught the greatness of Lalitha Sahasranama to Rishi Agasthya. Pleased with his devotion, Ma Lalithambikai appeared before Agastya. He is believed to have then sung Lalita Navaratnamala in praise of Devi. He has also composed a hymn named Rahasyanamasahasram.

Noah Smith
@Noahpinion

Remember: Just because an idea is old doesn't mean it's good.

Knowing whether old ideas are more likely to be good requires understanding whether conditions have changed in important ways.

Horse archery was an amazing method of warfare for over a thousand years...then people invented guns, and suddenly this great idea that had stood the test of time became obsolete.

Then again, when underlying conditions don't change much, tried-and-true approaches are probably better.

"Learning the lessons of history" usually just means assuming ergodicity and stationarity in an informal time-series model...

(end)

Advertisement

Patrick McKenzie
@patio11

A thing which I unironically and enthusiastically believe which is unpopular among smart people of my acquaintance: financial engineering has in the recent past and present contributed substantially to human welfare. We should hope to see more of it.

Maybe more geeks need to meet someone who says “My job is teleporting value across time and space.”

Financial engineering is sort of a squishy term. I don’t primarily mean payments infrastructure or financial rails, although both of those involve substantial engineering.

I mean more “We took a thing and performed some alchemy, and now have a new thing.”

Except instead of alchemy it is generally quite a bit of math, a huge amount of contract law and due diligence, often an impressive amount of ops work, and a dusting of technology that web devs would recognize as such.

Andrew Chen
@andrewchen

👇 Thread. New deck getting published this week: "Consumer startups are awesome, and here's what I'm looking to invest in at Andreessen Horowitz." If you want to read it, subscribe to my newsletter here: https://t.co/262t8eh0wf

1/ A lot of new consumer technologies have been introduced to US households in the last 100 years. But it's taken many of them - like the telephone - more than 50 years to get to the majority of the US. Why is that?

2/ We had to literally teach people how to use phone. Which end goes to your mouth, which goes to your ear. Say "hello" when people call. The motivation of consumers to talk to their friends has always been there, but we had to teach the behavior

3/ If you compare phones to the latest technologies, there's been a huge shift. Things are being picked up much faster.

4/ Even while there's been all this innovation recently, physically speaking, we are still the same human beings from 100,000 years ago.

$\u092c\u094d\u0930\u093e\u0939\u094d\u092e\u0923\u094b\u0902 \u0915\u093e \u0907\u0924\u093f\u0939\u093e\u0938\U0001f441\ufe0f\U0001f441\ufe0f$

ब्राह्मणों का इतिहास👁️...
@BRAHMIN_0052

MOHIYAL_BRAHMIN_KING
RAJA_PORUS
King_Porus_History

1)King Porus was a famous Indian king, his real name was #Purushotama. He belonged to PURU tribe mentioned in #RIG_VEDA, the Ancient books of India.

2) Porus ruled the Punjab region and expanded his kingdom between the Jhelum River and Chenab River in the Indian Subcontinent. He was a legendary warrior and more war skills. He made the army most powerful with war skills. Even Alexander had also made difficulty to defeat Porus.

3)Word of Mouth Oral tradition in #Mohyal_Brahmin families since ancient times has kept the Great Saga of their Great Elder known to them as Maharaja “ #Puru” alive.

4) When #Alexander the Great invaded India in 326 BC he was challenged near Taxila by a mere chieftain of the Area. He was King #Porus, a #Vaid_Mohyal. After his encounter with Porus, Alexander met with more resistance near Multan where the forces were predominantly #Mohyal.

5)The Bali rulers of Multan fiercely engaged with Alexander's army in skirmishes in which many senior Generals died. Later during the long and bitter fighting in #Multan, Alexander got hurt by an arrow which pierced his chest ,