CVE-2022-26133 PoC — Atlassian Bitbucket Data Center Code Issue Vulnerability

Source
Associated Vulnerability
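Title: Atlassian Bitbucket Data Center Code Issue Vulnerability (CVE-2022-26133)
Description: Atlassian Bitbucket Data Center is the data center edition of Atlassian Bitbucket, from the Australian company Atlassian. Atlassian Bitbucket Data Center has a security vulnerability that stems from its susceptibility to Java deserialization attacks. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted request, resulting in arbitrary code execution. The following products and versions are affected: 5.14.x and all later 5.x versions, all 6.x versions, all 7.x versions before 7.6.14, 7.7.x through 7.1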
Description
Atlassian Bitbucket Data Center RCE(CVE-2022-26133) verification.
Readme
# CVE-2022-26133




## Description

Batch verification and exploitation of the Atlassian Bitbucket Data Center deserialization vulnerability (CVE-2022-26133).

![image-20220510141355733](images/image-20220510141355733.png)



## Vulnerability Verification

![image-20220509202724404](images/image-20220509202724404.png)

Batch

```
python3 CVE-2022-26133.py -u http://192.168.110.136:7990 -f target.txt
```



## Exploitation

![image-20220511095619698](images/image-20220511095619698.png)

![image-20220511095801769](images/image-20220511095801769.png)

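***Disclaimer: This tool is intended only for lawful, authorized penetration testing and for internal company security checks and research. The user alone is responsible for any adverse consequences arising from use of this tool.***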

File Snapshot

```
[4.0K] /data/pocs/9d6ce11b61fd1c5d0bb5f19d25115426962355e1
├── [ 11K] CVE-2022-26133.py
├── [4.0K] images
│   ├── [154K] image-20220509202724404.png
│   ├── [139K] image-20220510141355733.png
│   ├── [ 61K] image-20220511095619698.png
│   └── [185K] image-20220511095801769.png
└── [ 692] README.md

1 directory, 6 files
```