mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-24 21:53:54 +00:00
GITBOOK-4378: No subject
parent
2c92ce81a6
commit
6a38795eb2
2 changed files with 48 additions and 9 deletions
|
@ -392,7 +392,7 @@
|
||||||
* [IIS - Internet Information Services](network-services-pentesting/pentesting-web/iis-internet-information-services.md)
|
* [IIS - Internet Information Services](network-services-pentesting/pentesting-web/iis-internet-information-services.md)
|
||||||
* [ImageMagick Security](network-services-pentesting/pentesting-web/imagemagick-security.md)
|
* [ImageMagick Security](network-services-pentesting/pentesting-web/imagemagick-security.md)
|
||||||
* [JBOSS](network-services-pentesting/pentesting-web/jboss.md)
|
* [JBOSS](network-services-pentesting/pentesting-web/jboss.md)
|
||||||
* [JIRA](network-services-pentesting/pentesting-web/jira.md)
|
* [Jira & Confluence](network-services-pentesting/pentesting-web/jira.md)
|
||||||
* [Joomla](network-services-pentesting/pentesting-web/joomla.md)
|
* [Joomla](network-services-pentesting/pentesting-web/joomla.md)
|
||||||
* [JSP](network-services-pentesting/pentesting-web/jsp.md)
|
* [JSP](network-services-pentesting/pentesting-web/jsp.md)
|
||||||
* [Laravel](network-services-pentesting/pentesting-web/laravel.md)
|
* [Laravel](network-services-pentesting/pentesting-web/laravel.md)
|
||||||
|
|
|
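Review bot: On the changed index entry, the label becomes "Jira & Confluence" while the link target stays `network-services-pentesting/pentesting-web/jira.md`, so the file name no longer reflects what the page covers. If the path is kept on purpose so that existing inbound links keep working, say so in the commit message (it currently reads "No subject"); otherwise rename the file and update this link in the same change.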
@ -1,8 +1,8 @@
|
||||||
# JIRA
|
# Jira & Confluence
|
||||||
|
|
||||||
{% hint style="success" %}
|
{% hint style="success" %}
|
||||||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
|
||||||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
|
@ -14,7 +14,6 @@ Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-s
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
{% endhint %}
|
{% endhint %}
|
||||||
{% endhint %}
|
|
||||||
|
|
||||||
<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -82,14 +81,56 @@ curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"h
|
||||||
* [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
|
* [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
|
||||||
* [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
|
* [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
|
||||||
|
|
||||||
|
## Atlasian Plugins
|
||||||
|
|
||||||
|
As indicated in this [**blog**](https://cyllective.com/blog/posts/atlassian-audit-plugins), in the documentation about [Plugin modules ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/plugin-modules/) it's possible to check the different types of plugins, like:
|
||||||
|
|
||||||
|
* [REST Plugin Module ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/rest-plugin-module): Expose RESTful API endpoints
|
||||||
|
* [Servlet Plugin Module ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/servlet-plugin-module/): Deploy Java servlets as part of a plugin
|
||||||
|
* [Macro Plugin Module ↗](https://developer.atlassian.com/server/confluence/macro-module/): Implement Confluence Macros, i.e. parameterised HTML templates
|
||||||
|
|
||||||
|
This is an example of the macro plugin type:
|
||||||
|
|
||||||
|
```java
|
||||||
|
package com.atlassian.tutorial.macro;
|
||||||
|
|
||||||
|
import com.atlassian.confluence.content.render.xhtml.ConversionContext;
|
||||||
|
import com.atlassian.confluence.macro.Macro;
|
||||||
|
import com.atlassian.confluence.macro.MacroExecutionException;
|
||||||
|
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
public class helloworld implements Macro {
|
||||||
|
|
||||||
|
public String execute(Map<String, String> map, String body, ConversionContext conversionContext) throws MacroExecutionException {
|
||||||
|
if (map.get("Name") != null) {
|
||||||
|
return ("<h1>Hello " + map.get("Name") + "!</h1>");
|
||||||
|
} else {
|
||||||
|
return "<h1>Hello World!<h1>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public BodyType getBodyType() { return BodyType.NONE; }
|
||||||
|
|
||||||
|
public OutputType getOutputType() { return OutputType.BLOCK; }
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
It's possible to observe that these plugins might be vulnerable to common web vulnerabilities like XSS. For example the previous example is vulnerable because it's reflecting data given by the user. 
|
||||||
|
|
||||||
|
Once a XSS is found, in [**this github repo**](https://github.com/cyllective/XSS-Payloads/tree/main/Confluence) you can find some payloads to increase the impact of the XSS.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
|
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
|
||||||
|
|
||||||
{% embed url="https://www.stmcyber.com/careers" %}
|
{% embed url="https://www.stmcyber.com/careers" %}
|
||||||
|
|
||||||
{% hint style="success" %}
|
{% hint style="success" %}
|
||||||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
|
||||||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
|
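Review bot: The paragraph added after the macro example says the code "is vulnerable because it's reflecting data given by the user" but never names the sink. Point at the line `return ("<h1>Hello " + map.get("Name") + "!</h1>");`, where the `Name` macro parameter is concatenated into the returned HTML with no output encoding, and add a sentence stating that HTML-encoding the parameter before it is placed in the markup is what removes the issue, so a reader auditing a plugin knows both what to look for and what to recommend. Smaller points in the same hunk: the heading `## Atlasian Plugins` should read "Atlassian" (as in the linked developer.atlassian.com pages), the else branch returns `<h1>Hello World!<h1>` where a closing `</h1>` was meant, and "Once a XSS" should be "Once an XSS".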
@ -101,5 +142,3 @@ Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-s
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
{% endhint %}
|
{% endhint %}
|
||||||
</details>
|
|
||||||
{% endhint %}
|
|
||||||
|
|