A day in 2018, I was participating in a bug bounty program, and this target caught my attention: The reason was pretty simple: LimeSurvey is a name I had never heard of before. I thought to myself that for an uncommon software like this, it should take no more than 5 minutes to find a […]
Author Archives: yeuchimse
Leaking issues from linked Jira – Atlassian Confluence Server
Application Links (sometimes called “app links”) is a bundled app that allows you to set up links, share information, and provide access to certain resources or functionality across multiple Atlassian products. Linking Confluence to other applications allows you to include information from those applications in pages or blogs that you create in Confluence. For example, […]
CSRF Protection Bypass in Atlassian Confluence Server
The Server version of Atlassian Confluence comes with a built-in plugin named applinks-cors, with the following declaration in file atlassian-plugin.xml: The CorsFilter class is implemented as below: As we can see from the code, for all requests to URLs that match the defined patterns, Access-Control-Allow-Origin (ACAO) and Access-Control-Allow-Credentials (ACAC) headers will be added to the […]