Exploit for Command Injection in Atlassian Bitbucket CVE-2022-36804

Name: Exploit for Command Injection in Atlassian Bitbucket CVE-2022-36804
Rating: 5 (564 reviews)

2022-09-23 | CVSS 1.8

## https://sploitus.com/exploit?id=4B077A8D-B9A8-51EC-A30C-160FCB41F9CD
# CVE-2022-36804-POC
A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

You can use with list of ips and single command,
If you want to use with huge list of ips increase the thread count inside the script(not more than 1000)
Script is available for limit copies: https://satoshidisk.com/pay/CGRt1S

[![Top Langs](https://profile-counter.glitch.me/CEORBEY/count.svg)](https://satoshidisk.com/pay/CGRt1S)


# affected versions
All versions of Bitbucket Server and Data Center released before versions 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.1.2, 8.2.2, and 8.3.1 are vulnerable


# POC:
![POC](/FdBFWRuaUAc8gd0.png)


# the poc is written in python with multi functionality(multi threading, list of ips, light weight, interactive shell...)
this upload comes with list of servers(mostly vulnerable)


# as of writting this there isnt any public poc for this vulnerability

# available at here: https://satoshidisk.com/pay/CGRt1S