U.S. Dept Of Defense: SSRF+XSS

ID H1:326043
Type hackerone
Reporter alyssa_herrera
Modified 2018-04-17T18:13:00


I discovered that due to an outdated Jira instance, I was able to exploit an SSRF vulnerability in Jira and was able to perform several actions such as bypass any firewall/protection solutions, access AWS instance data, access Internal DoD Servers and internal services. Additionally I was able to perform XSPA through assessing the response times for ports.

I discuss the vulnerabilities exploited in my write which you can find here, https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a