Open JIRA Service Desk Signup - carnal0wnage/J-PWN GitHub Wiki

Open JIRA Service Desk Signup

Category: [Initial Access]

module name: check_open_servicedesk_login

url: http://jira/servicedesk/customer/user/login

module name: check_open_servicedesk_signup

url: http://jira/servicedesk/customer/user/signup

INFO: IN DEVELOPMENT - Open Service Desk Login

+ Open Service Desk Login Found: Manual exploitation required [try to signup and log in]
  URL: https://jiraserver/servicedesk/customer/user/login
  Note: Exploitation requires manual steps.
  Note: Refer to: https://medium.com/@intideceukelaire/hundreds-of-internal-servicedesks-exposed-due-to-covid-19-ecd0baec87bd

INFO: IN DEVELOPMENT - Open Service Desk Signup

+ Open Service Desk Signup Found: Manual exploitation required [try to signup and log in]
  URL: https://jiraserver/servicedesk/customer/user/signup
  Note: Exploitation requires manual steps.
  Note: Refer to: https://medium.com/@intideceukelaire/hundreds-of-internal-servicedesks-exposed-due-to-covid-19-ecd0baec87bd

[CG] This is still in development (at the time of writing this wiki), as many servers will give a 200 with a bunch of JavaScript but will be a blank page in the browser. True positive shown below:

Open Service Desk Signup

302 to login

INFO: IN DEVELOPMENT - Open Service Desk Login
- Redirection Detected (302) for: http://jiraserver/servicedesk/customer/user/login
- Location Header: /login.jsp?os_destination=https%3A%2F%2Fotherjiraserver%2Fservicedesk%2Fcustomer%2Fuser%2Flogin
- This program doesnt follow 302 - Try: curl -k -v 'http://jirserver/servicedesk/customer/user/login'

INFO: IN DEVELOPMENT - Open Service Desk Signup
- Redirection Detected (302) for: http://jiraserver/servicedesk/customer/user/signup
- Location Header: /login.jsp?os_destination=https%3A%2F%2Fotherjiraserver%2Fservicedesk%2Fcustomer%2Fuser%2Fsignup
- This program doesnt follow 302 - Try: curl -k -v 'http://jiraserver/servicedesk/customer/user/signup'

404

INFO: IN DEVELOPMENT - Open Service Desk Login

- No Open Service Desk vulnerability detected on: https://jira/servicedesk/customer/user/login
- HTTP Status Code: 404

INFO: IN DEVELOPMENT - Open Service Desk Signup

- No Open Service Desk vulnerability detected on: https://jira/servicedesk/customer/user/signup
- HTTP Status Code: 404
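The three outcomes above (a 200 that may or may not be a real portal, a 302 to `login.jsp` carrying an `os_destination`, and a 404) can be verified against your own Jira instance without following redirects. The script below is an added example and is not J-PWN's code: the two paths come from this page, but the `MIN_VISIBLE_CHARS` threshold, the `open` / `needs_manual_review` labels and the "count text outside script/style tags" heuristic for separating a real page from the blank JavaScript shell described above are this example's own assumptions.

```python
# Added example: classify responses from the two Jira Service Desk customer
# portal endpoints named on this page. Not J-PWN code; the visible-text
# threshold and result labels are this example's own heuristic.
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Endpoints from the page (login and signup checks).
SERVICEDESK_PATHS = (
    "/servicedesk/customer/user/login",
    "/servicedesk/customer/user/signup",
)
# Assumption: a rendered portal page carries at least this much visible text;
# a bare JavaScript shell (the blank-page false positive) carries almost none.
MIN_VISIBLE_CHARS = 40


@dataclass
class Verdict:
    path: str
    status: int
    result: str   # open | redirect_to_login | redirect | not_found | needs_manual_review | unexpected
    detail: str


class _VisibleText(HTMLParser):
    """Collect text nodes a browser would render (skips <script>/<style> bodies)."""

    def __init__(self):
        super().__init__()
        self._skip = 0
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.chunks.append(data.strip())


def visible_text(html: str) -> str:
    p = _VisibleText()
    p.feed(html)
    p.close()
    return " ".join(p.chunks)


def classify(path: str, status: int, headers: dict, body: str) -> Verdict:
    """Map one response onto the outcomes listed on this page."""
    h = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308):
        location = h.get("location", "")
        # Decode the os_destination parameter so the redirect target is readable.
        dest = parse_qs(urlparse(location).query).get("os_destination", [""])[0]
        if "login.jsp" in location:
            return Verdict(path, status, "redirect_to_login",
                           f"Location={location}; os_destination={dest}")
        return Verdict(path, status, "redirect", f"Location={location}")
    if status == 404:
        return Verdict(path, status, "not_found", "endpoint not served")
    if status == 200:
        n = len(visible_text(body))
        if n < MIN_VISIBLE_CHARS:
            return Verdict(path, status, "needs_manual_review",
                           f"200 but only {n} visible chars (JS shell / blank page?)")
        return Verdict(path, status, "open",
                       f"200 with {n} visible chars; confirm in a browser")
    return Verdict(path, status, "unexpected", "")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow 3xx, so the Location header is reported as on this page."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(base_url: str, path: str, timeout: float = 10.0):
    """Return (status, headers, body) for base_url+path without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"User-Agent": "servicedesk-exposure-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # 3xx/4xx/5xx all arrive here
        return err.code, dict(err.headers), err.read().decode("utf-8", "replace")


def check_service_desk(base_url: str) -> list:
    """Run both checks against your own Jira instance and return the verdicts."""
    return [classify(p, *fetch(base_url, p)) for p in SERVICEDESK_PATHS]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_servicedesk.py https://jira.example.invalid")
    for v in check_service_desk(sys.argv[1]):
        print(f"{v.result:22} {v.status} {v.path}  {v.detail}")
```

A `redirect_to_login` verdict matches the 302 case shown above; `needs_manual_review` is the blank-page case, which still has to be opened in a browser before it is reported, and `open` only means the portal rendered real content, so the signup form itself should be confirmed by hand as the page says. Certificate verification is left at urllib's default rather than disabled as with `curl -k`.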


ref https://www.acunetix.com/vulnerabilities/web/atlassian-jira-servicedesk-misconfiguration/