Exploit for Command Injection in Atlassian Bitbucket CVE-2022-36804

Name: Exploit for Command Injection in Atlassian Bitbucket CVE-2022-36804
Rating: 5 (142 reviews)

2022-09-26 | CVSS 0.6

## https://sploitus.com/exploit?id=DAAA47B0-5637-5160-BCB3-E488B5CF3512
# CVE-2022-36804 (Bitbucket RCE 2022)

This repo is part of the ***hgrab-framework***

### dork
`title: "<title>Public Repositories - Bitbucket</title>"`

### Affected product
    - Bitbucket Server and Data Center 7.6 prior to 7.6.17
    - Bitbucket Server and Data Center 7.17 prior to 7.17.10
    - Bitbucket Server and Data Center 7.21 prior to 7.21.4
    - Bitbucket Server and Data Center 8.0 prior to 8.0.3
    - Bitbucket Server and Data Center 8.1 prior to 8.1.3
    - Bitbucket Server and Data Center 8.2 prior to 8.2.2
    - Bitbucket Server and Data Center 8.3 prior to 8.3.1

### Installation
Install the app on the server
```sh
user@domain:~# git clone https://github.com/Inplex-sys/CVE-2022-36804.git
user@domain:~# cd ./CVE-2022-36804/
user@domain:~# python3 main.py <list.txt> <command>
```

The list file must contain the targets servers with this format `<http-https>://<target>:<port>`

![image](https://user-images.githubusercontent.com/69421356/192326094-8005846a-f67d-4206-a436-551ee092e920.png)