GITBOOK-4378: No subject

SUMMARY.md

@@ -392,7 +392,7 @@
   * [IIS - Internet Information Services](network-services-pentesting/pentesting-web/iis-internet-information-services.md)
   * [ImageMagick Security](network-services-pentesting/pentesting-web/imagemagick-security.md)
   * [JBOSS](network-services-pentesting/pentesting-web/jboss.md)
-  * [JIRA](network-services-pentesting/pentesting-web/jira.md)
+  * [Jira & Confluence](network-services-pentesting/pentesting-web/jira.md)
   * [Joomla](network-services-pentesting/pentesting-web/joomla.md)
   * [JSP](network-services-pentesting/pentesting-web/jsp.md)
   * [Laravel](network-services-pentesting/pentesting-web/laravel.md)

network-services-pentesting/pentesting-web/jira.md

@@ -1,8 +1,8 @@
-# JIRA
+# Jira & Confluence
 
 {% hint style="success" %}
-Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
-Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
 
 <details>
 
@@ -14,7 +14,6 @@ Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-s
 
 </details>
 {% endhint %}
-{% endhint %}
 
 <figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
 
@@ -82,14 +81,56 @@ curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"h
 * [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
 * [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
 
+## Atlasian Plugins
+
+As indicated in this [**blog**](https://cyllective.com/blog/posts/atlassian-audit-plugins), in the documentation about [Plugin modules ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/plugin-modules/) it's possible to check the different types of plugins, like:
+
+* [REST Plugin Module ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/rest-plugin-module): Expose RESTful API endpoints
+* [Servlet Plugin Module ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/servlet-plugin-module/): Deploy Java servlets as part of a plugin
+* [Macro Plugin Module ↗](https://developer.atlassian.com/server/confluence/macro-module/): Implement Confluence Macros, i.e. parameterised HTML templates
+
+This is an example of the macro plugin type:
+
+```java
+package com.atlassian.tutorial.macro;
+
+import com.atlassian.confluence.content.render.xhtml.ConversionContext;
+import com.atlassian.confluence.macro.Macro;
+import com.atlassian.confluence.macro.MacroExecutionException;
+
+import java.util.Map;
+
+public class helloworld implements Macro {
+
+    public String execute(Map<String, String> map, String body, ConversionContext conversionContext) throws MacroExecutionException {
+        if (map.get("Name") != null) {
+            return ("<h1>Hello " + map.get("Name") + "!</h1>");
+        } else {
+            return "<h1>Hello World!<h1>";
+        }
+    }
+
+    public BodyType getBodyType() { return BodyType.NONE; }
+
+    public OutputType getOutputType() { return OutputType.BLOCK; }
+}
+```
+
+It's possible to observe that these plugins might be vulnerable to common web vulnerabilities like XSS. For example the previous example is vulnerable because it's reflecting data given by the user.&#x20;
+
+Once a XSS is found, in [**this github repo**](https://github.com/cyllective/XSS-Payloads/tree/main/Confluence) you can find some payloads to increase the impact of the XSS.
+
+
+
 <figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
 
 If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
 
 {% embed url="https://www.stmcyber.com/careers" %}
+
 {% hint style="success" %}
-Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
-Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
 
 <details>
 
@@ -101,5 +142,3 @@ Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-s
 
 </details>
 {% endhint %}
-</details>
-{% endhint %}