hackerone | Alyssa_herrera | H1:330860
History: Mar 28, 2018 - 7:48 p.m.

U.S. Dept Of Defense: Information Disclosure

2018-03-28 19:48:50
alyssa_herrera
hackerone.com
22

EPSS: 0.006 (Low)

Percentile: 78.1%

I discovered that, due to an outdated Atlassian software instance, I was able to exploit an SSRF vulnerability in Confluence and perform several actions, such as bypassing any firewall/protection solutions, performing XSPA by assessing the response times for ports, and accessing internal DoD servers and internal services.

I discuss the vulnerabilities exploited in my write-up, which you can find here: https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a
