CVE-2022-36804 PoC — Atlassian Bitbucket Server 安全漏洞

Source

https://github.com/tahtaciburak/cve-2022-36804

Associated Vulnerability

Title:Atlassian Bitbucket Server 安全漏洞 (CVE-2022-36804)
Description:Atlassian Bitbucket Server是澳大利亚Atlassian公司的一款Git代码托管解决方案。该方案能够管理并审查代码，具有差异视图、JIRA集成和构建集成等功能。 Atlassian Bitbucket Server and Data Center存在安全漏洞，该漏洞源于允许对公共或私有Bitbucket库有读取权限的远程攻击者通过发送恶意的HTTP请求执行任意代码。以下产品及版本受到影响：7.0.0 至 7.6.17 之前版本，7.7.0 至 7.17.10 之前版本，7.18.0

Description

A simple PoC for Atlassian Bitbucket RCE [CVE-2022-36804]

Readme

# Atlassian Bitbucket RCE PoC - CVE-2022-36804

This repo contains a simple PoC script for Atlassian Bitbucket's remove code execution vulnerability. You can simply run this script via following commands:

```
echo 'bitbucket.redacted.com' | python3 cve-2022-36804.py
``` 

Or you can create a targets file from another tools like (subfinder, sublist3r or go-dork etc.) 


```
cat targets.txt |  python3 cve-2022-36804.py 
```

## References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36804  
https://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html

File Snapshot


 [4.0K]  /data/pocs/f6c58ad1e4182bc0dc09fbbe85c70dff8ade6ac9
├── [1.5K]  cve-2022-36804.py
├── [ 588]  README.md
└── [   0]  targets.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!