Exploit for Command Injection in Atlassian Bitbucket CVE-2022-36804

Name: Exploit for Command Injection in Atlassian Bitbucket CVE-2022-36804
Rating: 5 (21 reviews)

2022-09-20 | CVSS 2.5

## https://sploitus.com/exploit?id=26FF3C6A-B806-5D1D-A90A-26774E640721
# CVE-2022-36804-POC
A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.


# affected versions
All versions of Bitbucket Server and Data Center released before versions 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.1.2, 8.2.2, and 8.3.1 are vulnerable


# POC:
![POC](/poc.jpg)


# the poc is written in python with multi functionality(multi threading, list of ips, light weight, interactive shell...)
this upload comes with list of servers(mostly vulnerable)


# as of writting this there isnt any public poc for this vulnerability

# use at your own risk there is no way to avoid abuse: https://satoshidisk.com/pay/CGMSap


[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2FCEOrbey%2FCVE-2022-36804-POC&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=RCE&edge_flat=false)](https://hits.seeyoufarm.com)