Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-12-03 18:10:07 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-web/jira.md

93 lines
5.4 KiB
Markdown
Raw Blame History

<details>
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
- Você trabalha em uma **empresa de cibersegurança**? Quer ver sua **empresa anunciada no HackTricks**? ou quer ter acesso à **versão mais recente do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
- Descubra [**The PEASS Family**](https://opensea.io/collection/the-peass-family), nossa coleção de [**NFTs**](https://opensea.io/collection/the-peass-family) exclusivos
- Adquira o [**material oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
- **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo do Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo do telegram**](https://t.me/peass) ou **siga**-me no **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
- **Compartilhe suas técnicas de hacking enviando PRs para o repositório [hacktricks](https://github.com/carlospolop/hacktricks) e para o repositório [hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud)**.
</details>
## Verificar Privilégios
Dentro de uma instância Jira **qualquer usuário** (mesmo **não autenticado**) pode **verificar seus privilégios** em `/rest/api/2/mypermissions` ou `/rest/api/3/mypermissions`. Esses endpoints retornarão seus privilégios atuais.\
Se um usuário **não autenticado** tiver algum **privilégio**, isso é uma **vulnerabilidade** (bounty?).\
Se um usuário **autenticado** tiver algum **privilégio inesperado**, isso é uma **vuln**.
Atualização: A partir de 1º de fevereiro de 2019, - o endpoint 'mypermissions' requer um parâmetro 'permission' com um dos seguintes parâmetros
[https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter](https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter)
- ADD_COMMENTS
- ADMINISTER
- ADMINISTER_PROJECTS
- ASSIGNABLE_USER
- ASSIGN_ISSUES
- BROWSE_PROJECTS
- BULK_CHANGE
- CLOSE_ISSUES
- CREATE_ATTACHMENTS
- CREATE_ISSUES
- CREATE_PROJECT
- CREATE_SHARED_OBJECTS
- DELETE_ALL_ATTACHMENTS
- DELETE_ALL_COMMENTS
- DELETE_ALL_WORKLOGS
- DELETE_ISSUES
- DELETE_OWN_ATTACHMENTS
- DELETE_OWN_COMMENTS
- DELETE_OWN_WORKLOGS
- EDIT_ALL_COMMENTS
- EDIT_ALL_WORKLOGS
- EDIT_ISSUES
- EDIT_OWN_COMMENTS
- EDIT_OWN_WORKLOGS
- LINK_ISSUES
- MANAGE_GROUP_FILTER_SUBSCRIPTIONS
- MANAGE_SPRINTS_PERMISSION
- MANAGE_WATCHERS
- MODIFY_REPORTER
- MOVE_ISSUES
- RESOLVE_ISSUES
- SCHEDULE_ISSUES
- SET_ISSUE_SECURITY
- SYSTEM_ADMIN
- TRANSITION_ISSUES
- USER_PICKER
- VIEW_AGGREGATED_DATA
- VIEW_DEV_TOOLS
- VIEW_READONLY_WORKFLOW
- VIEW_VOTERS_AND_WATCHERS
- WORK_ON_ISSUES
Exemplo: `https://your-domain.atlassian.net/rest/api/2/mypermissions?permissions=BROWSE_PROJECTS,CREATE_ISSUES,ADMINISTER_PROJECTS`
```bash
#Check non-authenticated privileges
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'
```
## Enumeração Automatizada
* [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
* [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
<details>
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
- Você trabalha em uma **empresa de cybersecurity**? Quer ver sua **empresa anunciada no HackTricks**? ou quer ter acesso à **versão mais recente do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
- Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção de [**NFTs**](https://opensea.io/collection/the-peass-family) exclusivos
- Adquira o [**material oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
- **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo do Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo do telegram**](https://t.me/peass) ou **siga-me** no **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
- **Compartilhe suas técnicas de hacking enviando PRs para o [repositório hacktricks](https://github.com/carlospolop/hacktricks) e [repositório hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud)**.
</details>
Reference in a new issue View git blame Copy permalink