From 6a38795eb2b2026b7676a87d6e223ca9539070cd Mon Sep 17 00:00:00 2001
From: CPol
Date: Sat, 17 Aug 2024 17:01:01 +0000
Subject: [PATCH] GITBOOK-4378: No subject
---
 SUMMARY.md | 2 +-
 .../pentesting-web/jira.md | 55 ++++++++++++++++---
 2 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/SUMMARY.md b/SUMMARY.md
index 8562e90c3..f9518a74c 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -392,7 +392,7 @@
 * [IIS - Internet Information Services](network-services-pentesting/pentesting-web/iis-internet-information-services.md)
 * [ImageMagick Security](network-services-pentesting/pentesting-web/imagemagick-security.md)
 * [JBOSS](network-services-pentesting/pentesting-web/jboss.md)
- * [JIRA](network-services-pentesting/pentesting-web/jira.md)
+ * [Jira & Confluence](network-services-pentesting/pentesting-web/jira.md)
 * [Joomla](network-services-pentesting/pentesting-web/joomla.md)
 * [JSP](network-services-pentesting/pentesting-web/jsp.md)
 * [Laravel](network-services-pentesting/pentesting-web/laravel.md)
diff --git a/network-services-pentesting/pentesting-web/jira.md b/network-services-pentesting/pentesting-web/jira.md
index 4f71bcd90..98e140567 100644
--- a/network-services-pentesting/pentesting-web/jira.md
+++ b/network-services-pentesting/pentesting-web/jira.md
@@ -1,8 +1,8 @@
-# JIRA
+# Jira & Confluence
 {% hint style="success" %}
-Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
-Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
+Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
+Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
@@ -14,7 +14,6 @@ Learn & practice GCP Hacking:
 {% endhint %}
-{% endhint %}
@@ -82,14 +81,56 @@ curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"h
 * [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
 * [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
+## Atlasian Plugins
+
+As indicated in this [**blog**](https://cyllective.com/blog/posts/atlassian-audit-plugins), in the documentation about [Plugin modules ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/plugin-modules/) it's possible to check the different types of plugins, like:
+
+* [REST Plugin Module ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/rest-plugin-module): Expose RESTful API endpoints
+* [Servlet Plugin Module ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/servlet-plugin-module/): Deploy Java servlets as part of a plugin
+* [Macro Plugin Module ↗](https://developer.atlassian.com/server/confluence/macro-module/): Implement Confluence Macros, i.e. parameterised HTML templates
+
+This is an example of the macro plugin type:
+
+```java
+package com.atlassian.tutorial.macro;
+
+import com.atlassian.confluence.content.render.xhtml.ConversionContext;
+import com.atlassian.confluence.macro.Macro;
+import com.atlassian.confluence.macro.MacroExecutionException;
+
+import java.util.Map;
+
+public class helloworld implements Macro {
+
+ public String execute(Map map, String body, ConversionContext conversionContext) throws MacroExecutionException {
+ if (map.get("Name") != null) {
+ return ("

Hello " + map.get("Name") + "!

");
+ } else {
+ return "

Hello World!

";
+ }
+ }
+
+ public BodyType getBodyType() { return BodyType.NONE; }
+
+ public OutputType getOutputType() { return OutputType.BLOCK; }
+}
+```
+
+It's possible to observe that these plugins might be vulnerable to common web vulnerabilities like XSS. For example the previous example is vulnerable because it's reflecting data given by the user.
+
+Once a XSS is found, in [**this github repo**](https://github.com/cyllective/XSS-Payloads/tree/main/Confluence) you can find some payloads to increase the impact of the XSS.
+
+
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
 {% embed url="https://www.stmcyber.com/careers" %}
+
 {% hint style="success" %}
-Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
-Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
+Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
+Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
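Review bot: The new plugins section says the `helloworld` macro is vulnerable because `execute` concatenates `map.get("Name")` straight into the returned markup, but it never shows what the safe form looks like, so an auditor or plugin author has no reference for the fix. After the sentence beginning "It's possible to observe", I would add: `The fix is to HTML-encode the Name parameter before concatenating it into the returned markup (or render it through a template that escapes by default); the same check applies to every parameter a macro, servlet or REST module writes back to the page.` The added heading also misspells the vendor name and should read `## Atlassian Plugins`, and "Once a XSS" should read "Once an XSS".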
@@ -101,5 +142,3 @@ Learn & practice GCP Hacking:
 {% endhint %}
-
-{% endhint %}