How i converted SSRF TO XSS in jira.

I m very much into Bug Bounty and i spend my whole day doing this finding new and interesting stuff and kept on upgrading my recon techniques.

So this Site was random and has vast subdomains to test

domain *

so i used some sites to find subdomains


2. DnsDumpster

3. virustotal

4. Acunetix mannual tool

Before i start Acunetix does Subdomain scans so just set the time out to 20 and you will get a really big list with banners and response headers. (it does the half of the work for you.)

Now, i been through lots of subdomains and i was specifically looking for any jira environment , and i found one.

lets say

so i looked at the version and it was “5.8.13” ,which is affected to ssrf ……

I remember the “Alyssa Herrera” writeup on “Piercing the Veil: Server Side Request Forgery to NIPRNet access

so i quickly visited


And Boom i got the google page and i m like

Hell Yea !

So i followed the writeup but couldn’t managed to get any sensitive info .

[Yes i tried everything ..nothing worked.]

And that’s where i was like “why god?” why ?

why God?

and then suddenly it came to my mind and i went to brute xss blog

copied “” , and put it place of

and boom , i got XSS

ssrf to XSS in #Vain

So it worked and i got bounty of 50$ which is less (and that company sucks)

Anyways it doesn’t matter at all , it was all about exploration and learning new things and gain experience.

#sharing is #caring

Hope you guys enjoyed it and learned something new. #[For who doesn’t know ,rest are leets].

Thank you


follow me on twitter: Ashish Kunwar

and if you have any questions DM is open only for followers.

i m a security researcher and exploit developer/ and love Fuzzing and break things |bug hunter|

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store