Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-27 15:12:11 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-web/jira.md

4.3 KiB
Raw Blame History

从零到英雄学习AWS黑客技术通过 htARTE (HackTricks AWS Red Team Expert)

支持HackTricks的其他方式

检查权限

在Jira实例中任何用户(甚至未认证用户)都可以在/rest/api/2/mypermissions/rest/api/3/mypermissions检查其权限。这些端点将返回您当前的权限。
如果一个未认证用户拥有任何权限,这是一个漏洞(悬赏?)。
如果一个认证用户拥有任何意外的权限,这是一个漏洞

更新自2019年2月1日起'mypermissions'端点需要一个'permission'参数,参数之一如下 https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter

  • ADD_COMMENTS
  • ADMINISTER
  • ADMINISTER_PROJECTS
  • ASSIGNABLE_USER
  • ASSIGN_ISSUES
  • BROWSE_PROJECTS
  • BULK_CHANGE
  • CLOSE_ISSUES
  • CREATE_ATTACHMENTS
  • CREATE_ISSUES
  • CREATE_PROJECT
  • CREATE_SHARED_OBJECTS
  • DELETE_ALL_ATTACHMENTS
  • DELETE_ALL_COMMENTS
  • DELETE_ALL_WORKLOGS
  • DELETE_ISSUES
  • DELETE_OWN_ATTACHMENTS
  • DELETE_OWN_COMMENTS
  • DELETE_OWN_WORKLOGS
  • EDIT_ALL_COMMENTS
  • EDIT_ALL_WORKLOGS
  • EDIT_ISSUES
  • EDIT_OWN_COMMENTS
  • EDIT_OWN_WORKLOGS
  • LINK_ISSUES
  • MANAGE_GROUP_FILTER_SUBSCRIPTIONS
  • MANAGE_SPRINTS_PERMISSION
  • MANAGE_WATCHERS
  • MODIFY_REPORTER
  • MOVE_ISSUES
  • RESOLVE_ISSUES
  • SCHEDULE_ISSUES
  • SET_ISSUE_SECURITY
  • SYSTEM_ADMIN
  • TRANSITION_ISSUES
  • USER_PICKER
  • VIEW_AGGREGATED_DATA
  • VIEW_DEV_TOOLS
  • VIEW_READONLY_WORKFLOW
  • VIEW_VOTERS_AND_WATCHERS
  • WORK_ON_ISSUES

示例:https://your-domain.atlassian.net/rest/api/2/mypermissions?permissions=BROWSE_PROJECTS,CREATE_ISSUES,ADMINISTER_PROJECTS

#Check non-authenticated privileges
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'

自动化枚举

通过 htARTE (HackTricks AWS Red Team Expert)从零开始学习AWS黑客攻击直到成为专家

支持HackTricks的其他方式