One of my favorite approaches is to analyze all the technologies that the company uses, and I found that one of them is JIRA (who doesn't know it?). After that I started trying to exploit every technology they use, and then I went through JIRA exploits. First I tried to fuzz for more directories and files; I was able to get deeper than anyone could, and this is an important point: get as deep as you can.
While I was doing recon for more things, I found that the company uses a service provided by JIRA called “Servicedesk”. After some searching, I found that this service provides: Showcase services through a simple, intuitive portal that makes it easy for employees and customers to get help quickly, and for teams to streamline incoming work.
This means that it is not available for unauthenticated users, and this endpoint should be provided with some functions such as: Login, Forgot Password, SignUp, etc.
And now the game starts.
I tried to access the endpoint through https://atlassian.redacted.com/, but it forwarded me to the Microsoft login panel to log in with a company account, and as you know, we are black-box hackers; we don't have access to any resource. Hmmmm.
First I tried to fuzz the subdomain https://atlassian.redacted.com/ to find any directories, and tried Google dorking to find some login panels. After a lot of searching I got this path: /jira/servicedesk/customer/user/login, which is the Servicedesk login panel, but it didn't redirect me to the Microsoft login panel.
Well, now we have some good results. We have to start working on this endpoint to get an exploitable bug or misconfig. First I tried to find out whether this endpoint is available for unauthenticated users to sign up and whether there is a misconfig in its flow. I found that this service already has a misconfig: signup is available due to some misconfiguration at implementation. I know that if I tried replacing login with signup it would redirect me to sign up, but every time I try to get deeper than anyone and search to get hidden gems first.
And the misconfig was that /jira/servicedesk/customer/user/signup will let you sign up on the JIRA panel as a trusted user with your personal email.
And boom, now I'm in 😉
There was some sensitive info, so I can't share it. I also got some internal bugs there, but I can't share them right now.
What is the Misconfig?
Atlassian JIRA is a tool that is used for bug tracking, issue tracking, and project management.
This instance of Atlassian JIRA is misconfigured to allow an attacker to sign up (create a new account) just by navigating to the signup page that is accessible at the URL /servicedesk/customer/user/signup. After the attacker has created a new account it’s possible for him/her to access the support portal.
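A defender-side check for the misconfiguration described above, as an added example that is not part of the original post: it scans reverse-proxy access logs for requests where the Service Desk signup page was served (2xx) rather than redirected or denied. The combined log format, the reading of 2xx as "page served", and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Path from the write-up; an optional context path such as /jira may precede it.
SIGNUP_RE = re.compile(r"^(/[^/?]+)?/servicedesk/customer/user/signup/?(\?.*)?$")

# Assumed format: Apache/nginx "combined" lines from a reverse proxy in front of Jira.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_signup_exposure(lines):
    """Return {client_ip: [(timestamp, method, path, status), ...]} for requests
    where the portal signup page was served (2xx) instead of being redirected
    to SSO or denied."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not SIGNUP_RE.match(m["path"]):
            continue  # unparsable line, or not the signup path
        status = int(m["status"])
        if 200 <= status < 300:
            hits[m["ip"]].append((m["ts"], m["method"], m["path"], status))
    return dict(hits)


# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:03:40 +0000] "GET /jira/servicedesk/customer/user/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:04:11 +0000] "GET /jira/servicedesk/customer/user/signup HTTP/1.1" 200 4875 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2024:11:15:00 +0000] "GET /servicedesk/customer/user/signup HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    '192.0.2.44 - - [12/Mar/2024:12:30:09 +0000] "GET /servicedesk/customer/user/signup?x=1 HTTP/1.1" 200 4875 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_signup_exposure(SAMPLE_LOG).items():
        for ts, method, path, status in events:
            print(f"{ip} {ts} {method} {path} -> {status}")
```

Any hit on an instance that is supposed to sit behind SSO means the signup page is reachable without authentication and public signup should be reviewed in the Service Desk customer permission settings.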
References:
https://www.acunetix.com/vulnerabilities/web/atlassian-jira-servicedesk-misconfiguration/
Thanks for your time.