### [CVE-2017-9506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9506)
![](https://img.shields.io/static/v1?label=Product&message=Atlassian%20OAuth%20Plugin&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=From%20version%201.3.0%20before%20version%201.9.12%20and%20from%20version%202.0.0%20before%20version%202.0.4.%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Server-Side%20Request%20Forgery&color=brightgreen)

### Description

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

### POC

#### Reference
- https://ecosystem.atlassian.net/browse/OAUTH-344
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3

#### Github
- https://github.com/0x48piraj/Jiraffe
- https://github.com/0x48piraj/jiraffe
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Faizee-Asad/JIRA-Vulnerabilities
- https://github.com/GhostTroops/TOP
- https://github.com/JERRY123S/all-poc
- https://github.com/Rituraj-Vishwakarma/Scan-Jira
- https://github.com/UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting
- https://github.com/assetnote/blind-ssrf-chains
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/hktalent/TOP
- https://github.com/iamthefrogy/BountyHound
- https://github.com/imhunterand/JiraCVE
- https://github.com/jbmihoub/all-poc
- https://github.com/labsbots/CVE-2017-9506
- https://github.com/merlinepedra/nuclei-templates
- https://github.com/merlinepedra25/nuclei-templates
- https://github.com/murksombra/rmap
- https://github.com/north-vuln-intel/nuclei-nvi
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pwn1sher/jira-ssrf
- https://github.com/pwnosec/jirapwn
- https://github.com/random-robbie/Jira-Scan
- https://github.com/sevbandonmez/jira-scanner
- https://github.com/sobinge/nuclei-templates
- https://github.com/sushantdhopat/JIRA_testing
- https://github.com/weeka10/-hktalent-TOP